Define, develop, and maintain the comprehensive regulatory framework, including cybersecurity Policies, Standards, and Procedures, ensuring they are current, relevant, and aligned with organizational objectives.
Coordinate GRC-related processes and activities effectively with various internal departments and business areas.
Collaborate closely with the Product Compliance team to ensure compliance with product security standards, specifically focusing on ISO/SAE 21434 (Road vehicles - Cybersecurity engineering).
Coordinate GRC tasks and content creation with the Learning & Development function, including the development of engaging awareness content, training modules, and educational materials for employees on key cybersecurity topics.
Primary Skills
In-depth knowledge and practical experience with key information security frameworks and standards, including ISO/IEC 27001 (Information Security Management System).
Familiarity with industry-specific assessment frameworks like TISAX (Trusted Information Security Assessment Exchange).
Understanding of upcoming or relevant regulatory requirements, such as the NIS2 Directive.
Strong knowledge of Risk Management models and methodologies.
Demonstrable experience in the industrial sector, with a strong preference for the automotive industry.
Prior knowledge of product security (security applied to products, components, or systems) or a proven ability to quickly acquire this specialized knowledge.
Proactivity in identifying compliance gaps and suggesting improvements to the GRC framework.
Demonstrated ability to work effectively as part of a team and collaborate across functional boundaries.
Qualifications
Bachelor's degree in Information Technology, Computer Science, or a related field.
A proactive, results-oriented, and team-oriented mindset is essential, with a strong commitment to continuous improvement.
36 years of hands-on experience in Governance & Risk Management Activities.
Excellent communication and interpersonal skills, with the proven ability to interact and influence diverse stakeholders (technical teams, senior management, legal, compliance).