Collaboration Betters The World GmbH is hiring a Governance, Risk & Compliance (GRC) Expert (m/w/d)

About the Role

Support clients in developing and enhancing their information security strategies, manage security projects, implement and improve ISMS frameworks, assess risks using standards like ISO 27005 and EBIOS RM, ensure compliance with regulations such as GDPR, NIS2, and DORA, develop security policies and KPIs, lead incident response coordination, conduct audits, and promote security awareness through training and best practices.

Responsibilities

• Assist clients in defining and executing their information security strategy.
• Plan, organize, and oversee the execution of security projects.
• Implement and continuously improve Information Security Management Systems (ISMS).
• Develop and maintain security policies and processes, including Incident Response and Security Policies.
• Evaluate security risks using established frameworks such as ISO 27005 and EBIOS RM.
• Identify and monitor operational, compliance, and cybersecurity risks.
• Define and deploy security KPIs to measure and track security performance.
• Support clients in complying with key cybersecurity and data protection regulations including NIS2, DORA, GDPR, and NIST.
• Assess organizational security posture and identify areas for improvement.
• Conduct internal audits and support compliance processes.
• Coordinate responses to security incidents and support post-incident analysis.
• Monitor action plans following audits or incidents and ensure corrective measures are implemented.
• Design and implement initiatives to strengthen overall security maturity.
• Deliver training sessions and awareness programs on information security and GRC policies.
• Promote the adoption of security standards and best practices within client organizations.
• Contribute expertise to the internal security community.
• Share knowledge and best practices with colleagues to strengthen collective capabilities.

Requirements

• Bachelor’s or Master’s degree in Cybersecurity, Information Security, or a related field.
• Minimum of five years of professional experience in Governance, Risk & Compliance or Information Security roles.
• In-depth knowledge of ISO 2700x standards, including ISO 27001, ISO 27002, and ISO 27005.
• Hands-on experience with risk management methodologies such as EBIOS RM.
• Familiarity with regulatory requirements including NIS2, DORA, and GDPR.
• Proven experience in implementing or enhancing an ISMS.
• Strong analytical skills and a structured, detail-oriented approach to work.
• Fluent in both German and English, both written and spoken.

Nice to Have

• Certifications such as ISO 27001 Lead Implementer, Lead Auditor, or ISO 27005 Risk Manager.
• Additional certifications like CISM, CISSP, CRISC, or CISA are advantageous.

Benefits

• Welcome event, introductory drink, and new employee lunch.
• Mentoring program to support onboarding and early development.
• Afterwork gatherings, summer tech events, and an annual Christmas celebration.
• Opportunities to participate in social initiatives and donation campaigns.
• Personalized career development paths and regular feedback discussions.
• Access to a wide range of in-house training, online courses, and external professional development.
• Collaboration with colleagues across Europe in an international environment.
• Remote work flexibility, including workation options within and beyond the EU.
• Sabbatical options and flexible working hour arrangements.
• Public holidays based on Baden-Württemberg calendar plus additional local holidays from your region.
• 30 days of annual leave.
• Allowance for setting up your home office equipment.