Westhouse is one of the leading international recruitment agencies for the procurement of highly qualified experts in fields such as IT lifecycle management, SAP, engineering, commerce and specialist consultancy.
For our client we are currently looking for an Information Security, Risk and Compliance Lead Consultancy (m/f/d) - Frankfurt (50%) and Remote.
Your tasks
1. Provide overall leadership and accountability for defining, embedding, and governing Compliance, Security, and related Risk across all EDP programs and product lines, from initial project phase through sustainable line organization.
2. Ownership of the overall vision, scope, and roadmap for Compliance, Security, and Risk within the EDP program and product lines.
3. Ensuring consistent interpretation and application of compliance, security, and risk requirements across all products.
4. Steering the initial analysis and introduction phase and ensuring a structured transition into the EDP line organization.
5. Providing definitions of success criteria, milestones, and priorities for the Compliance, Security & Risk initiative.
6. Acting as the primary escalation and decision authority for cross-domain security and compliance topics.
7. Objective: Direct and align Technical SME and Security Analyst activities to ensure technical designs, architectures, and processes comply with security, compliance, and risk requirements.
8. Giving recommendations, guidance and overseeing analysis of technical designs across EDP program domains, product lines, and product flows.
9. Ensuring coherent security and compliance recommendations across platform and product architectures.
10. Validating and consolidating inputs from Technical SMEs and Security Analysts into a consistent target architecture.
11. Ensuring technical implications of compliance and risk requirements are clearly understood and actionable.
12. Balancing regulatory requirements with technical feasibility and product delivery needs.
13. Objective: Define and establish scalable governance, processes, and organizational structures to sustainably manage compliance, security, and risk in EDP.
14. Designing and evolving the EDP program and product-line governance model for compliance, security, and risk.
15. Providing definitions of roles, responsibilities, interfaces, and decision forums between platform, product lines, and governance functions.
16. Establishing security and compliance review processes aligned with development and delivery lifecycles.
17. Shaping the target operating model for the security & compliance support function.
18. Ensuring clear ownership and accountability once responsibilities transition into line organization.
19. Objective: Ensure strong and continuous alignment between technical domains and Governance, Risk, and Compliance stakeholders.
20. Acting as the main interface between EDP stakeholders such as technical leadership and GRC, Compliance, and Risk functions.
21. Coordinating the interpretation of CRS rulebooks, regulatory requirements, and internal standards.
22. Ensuring security and compliance controls are consistently translated into technical and procedural requirements.
23. Managing regulatory impacts on EDP architecture, processes, and delivery timelines.
24. Represent EDP Compliance, Security & Risk topics in senior stakeholder and steering meetings.
25. Objective: Ensure consistent adoption of security architecture principles, patterns, and secure design practices across EDP platforms and products.
26. Give recommendations for approving and sponsoring security guiding principles and patterns for EDP.
27. Ensuring critical integration points and platform services follow approved secure integration patterns.
28. Overseeing monitoring of adoption and effectiveness of security patterns across product lines.
29. Driving continuous improvement of security-related standards based on risk, incidents, and lessons learned.
30. Give recommendations and guidance for strategic decisions with a clear security and compliance perspective.
31. Objective: Build long-term security and compliance capability within EDP through enablement, communication, and knowledge transfer.
32. Sponsoring and guiding workshops, training sessions, and knowledge-sharing initiatives for relevant stakeholders.
33. Ensuring security and compliance knowledge is documented, accessible, and maintained.
34. Promoting a shared understanding of responsibilities and processes across technical, product, and governance roles.
35. Ensuring learnings from project execution are embedded into standards and operating procedures.
36. Fostering a culture of “security and compliance by design” across EDP.