MERKUR.COM AG | Germany | 32xxx Espelkamp | Permanent position | Full time / Home office | Published since: 24.03.2026 on stepstone.de
IT-Security Manager GRC (m/f/d)
Do you want to actively shape information security and responsibility for governance, risk and compliance issues? You work structured, analytically and keep regulatory requirements and IT risks in mind? Then you are right with us! We are looking for you as IT security manager GRC (m/w/d) to further develop our information security and compliance structures. Did we awaken your interest? Then apply to us as a secure employer! !
* After clicking the Read more button, the original advert will open on our partner's website, where you can see the details of this vacancy and contact information. If you need a translation of this text, after returning to our website it will be prepared and you can read it by clicking the Show full translation button.
Your tasks • Your profile • What we offer
As IT security manager GRC, you build the GRC framework for information security, develop it continuously and anchor governance, risk and compliance structures in the company. Furthermore, ensure compliance with relevant legal, regulatory and normative requirements (e.g. ISO 27001, NIS2, DORA, BSI IT-Grundschutz, NGCB 5.260). As an ISO-27001 specialist, you conduct internal audits, accompany audits and support the further development of the ISMS. You identify, evaluate and document IT and information security risks, conduct risk analyses and implement appropriate measures. In addition, you follow risks, measures and deviations and advise IT as well as specialist areas in risk-oriented decisions. Last but not least, you create reports, KPIs and management reports and report directly to the Group CISO.
Complete study of computer science, business informatics or IT security or completed training in IT (e.g. specialist in system integration) with corresponding professional experience Multiannual experience in IT security, ISMS or IT risk management Very good knowledge of relevant standards, standards and regulatory requirements (e.g. ISO 27001, DORA, NIS2, BSI IT-Grundschutz, NGCB 5.260) Experience in carrying out risk analyses, audit processes and implementation of security measures Ideally you have certifications such as ISO 27001, CISM, CISSP or CRISC Analytical, structured and self-responsive working methods, pronounced communication and consulting skills as well as readiness for travel of approx. 10–20 %
Framework conditions: 30 days vacation, flexible working time models, possibility for mobile work, service phone, tablet Continuing Education & Career: Own training centre, diverse development opportunities throughout the group Team & Community: Employee Events, Department Events Health & Sports: Health and Safety Management, Operational Sports Insurance & Protection: Occupational Incapacity Insurance, Occupational Pensions Exclusive offers: e-bike leasing, corporate benefits, employee discounts, local offers depending on location -> Here is our Benefits
Location
 | MERKUR.COM AG | |
| 32339 Espelkamp | ||
| Germany |
The text of this ad was translated from German into English using an automatic translation system and may contain semantic and lexical errors. Therefore, it should be used for introductory purposes only. For more detailed information, see the original text of the ad at the link below.
For more information read the original ad