IT-Security & Compliance Engineer (m/f/d)
Verlag C.H.BECK | Germany | 81xxx, 80xxx München | Temporary contract | Full time / Home office | Published since: 21.01.2026 on stepstone.de


Branch: Theatre, film and television productions


2 years | Munich | with professional experience

As a traditional family company, the C.H.BECK media group has stood for reliability, innovation and highest quality for over 250 years. It is characterized by a broad portfolio ranging from legal and intellectual publications to modern online databases, digital platforms and AI-based solutions for the legal world of the future. The company combines centuries-old expertise with state-of-the-art technology to offer innovative and high-quality solutions.

Your tasks • Your profile • What we offer

The position is limited to two years and includes the following tasks:

- Building, operating and further developing a group-wide ISMS according to ISO/IEC 27001:2022 and ISO/IEC 42001
- Introduction and further development of structured and partially automated compliance processes, e.g. for evidence, controls and audit preparation
- Integration of regulatory requirements (DORA, EU AI Act, NIS2, GDPR) into existing compliance structures
- Preparation, coordination and monitoring of internal and external audits, with a focus on automation and lower detection effort
- Maintaining the risk and asset register and carrying out standardised risk assessments in the IT, AI and project context
- Implementation of AI governance in accordance with ISO/IEC 42001 and the establishment of AI risk management across the entire life cycle
- Implementation of EU AI Act requirements for high-risk AI systems
- Implementation of requirements for IT risk management, business continuity, disaster recovery and incident management as part of legal requirements
- Development, harmonisation and maintenance of group-wide security guidelines
- Close cooperation with IT, legal, data protection, purchasing, sales and external auditors, and preparation of regular management reports

- Completed degree in economic law, IT law, law & compliance or a comparable qualification
- Professional experience in IT law, data protection, compliance, regulatory or interface roles between law and IT
- Knowledge of relevant standards and regulations, in particular: ISO/IEC 27001, ISO/IEC 42001, GDPR, EU AI Act, DORA, NIS2
- Demonstrable further training in the field of information security, ideally as ISO/IEC 27001 Practitioner, Lead Implementer or Lead Auditor
- Experience in the analysis of regulatory requirements, compilation of compliance documentation and supervision of internal and external audits
- Strong communication skills and a confident manner with auditors, departments and management
- Structured, independent and solution-oriented way of working with high analytical capability
- Very good knowledge of German and English
- An advantage: experience with GRC/TPRM tools (e.g. OneTrust, Vanta, Drata) as well as interest in automation and RegTech approaches

- Working environment: leading media company in the heart of Schwabing
- Development: individual offers for professional and personal development
- Health: sports and health care, cooperation with EGYM
- Work-life balance: working time options through a 37.5-hour full-time week with flextime and home office
- Social events: after-work beer, internal house fair for employees, summer and winter festival
- Goodies: travel and lunch subsidy, parking with EV charging infrastructure, book discount & much more!

Location

Verlag C.H.BECK
80801  München
Germany

The text of this ad was translated from German into English using an automatic translation system and may contain semantic and lexical errors. Therefore, it should be used for introductory purposes only. For more detailed information, see the original text of the ad at the link below.

For more information read the original ad
