Head of Security Risk and Governance (all genders)
at Zalando
Berlin, Berlin, Germany
| Start Date | Expiry Date | Salary | Posted On | Experience | Skills | Telecommute | Sponsor Visa |
|---|---|---|---|---|---|---|---|
| Immediate | 20 Jan, 2025 | Not Specified | 21 Oct, 2024 | 7 year(s) or above | Good communication skills | No | No |
Description:
Responsibilities:
THE ROLE & THE TEAM
Zalando’s Information Security Department is seeking an exceptionally talented security risk, compliance and governance leader with a substantial operations/systems background to lead our Security Risk and Governance (SRG) team. In this role, you will lead a team of 5-10 people who maintain our ISMS and manage security risks, third-party security risks, and all topics related to compliance (e.g. NIS2). The SRG team also maintains the security exception process along with the communication to stakeholders, supports the different business areas with specific attestations/certifications (e.g. SOC2, PCI DSS), and ensures remediation of audit findings owned by the information security team.
WHAT WE’D LOVE YOU TO DO (AND LOVE DOING)
- Security governance - maintaining our ISMS, including the implementation/refinement of policies, standards, guidelines and procedures in cooperation with the respective process owners.
- Security risk management - managing and refining the IT security risk methodology, supporting third-party and internal application security risk assessments, and preparing the information security risk reporting for the Management Board.
- Compliance management - defining and implementing baseline controls, implementing relevant compliance requirements, and continuously assessing ISMS maturity based on NIST 800-53.
- GRC framework - leading and implementing enterprise-wide risk management frameworks that align with industry standards (e.g. SOC2, NIS2).
- Decisions on compliance exceptions - owning decisions around IT compliance exceptions and ensuring alignment with security objectives.
- Security audit findings - coordinating the remediation of audit findings owned by the information security team.
REQUIREMENT SUMMARY
Min: 7.0 / Max: 12.0 year(s)
Information Technology/IT
IT Software - Network Administration / Security
Software Engineering
Graduate
Proficient
1
Berlin, Germany