Head of Security Risk and Governance (all genders)

Location
Berlin
Contract
Full time
Job Category
Cybersecurity

THE ROLE & THE TEAM

Zalando’s Information Security Department is seeking an exceptionally talented security risk, compliance and governance leader with a substantial operations/systems background to lead our Security Risk and Governance (SRG) team. In this role, you will lead a team of 5-10 people who maintain our ISMS and manage security risks, third-party security risks, and all topics related to compliance (e.g. NIS2). The SRG team also maintains the security exception process along with the communication to stakeholders, supports the different business areas with specific attestations/certifications (e.g. SOC2, PCI DSS), and ensures remediation of audit findings owned by the information security team.

INCLUSIVE BY DESIGN

At Zalando, our vision is to be inclusive by design. And this vision starts with our hiring - we do not discriminate on the basis of gender identity, sexual orientation, personal expression, ethnicity, religious belief, or disability status. You are welcome to leave out your picture, age, or marital status from your application. We only assess candidates on their qualifications and merit. 

We want to provide you with a great candidate experience. Feel free to inform us of any accommodations you may need, so we can best support you throughout the hiring process. 

do.BETTER - our diversity & inclusion strategy: https://corporate.zalando.com/en/our-impact/dobetter-our-diversity-and-inclusion-strategy
Our employee resource groups: https://corporate.zalando.com/en/our-impact/our-employee-resource-groups 

WHAT WE’D LOVE YOU TO DO (AND LOVE DOING) 

  • Security governance - maintaining our ISMS, including the implementation/refinement of policies, standards, guidelines and procedures in cooperation with the respective process owners.

  • Security risk management - managing and refining the IT security risk methodology, supporting third-party and internal application security risk assessments, and preparing the information security risk reporting for the Management Board.

  • Compliance management - defining and implementing baseline controls, implementing relevant compliance requirements, and continuously assessing ISMS maturity based on NIST SP 800-53.

  • GRC framework - leading and implementing enterprise-wide risk management frameworks that align with industry standards (e.g. SOC2, NIS2).

  • Decision on compliance exceptions - owning decisions around IT compliance exceptions and ensuring alignment with security objectives.

  • Security audit findings - coordinating the remediation of audit findings owned by the information security team.

WE’D LOVE TO MEET YOU IF

  • You have more than seven years of experience in, and deep knowledge of, security governance, risk, compliance and audit.

  • You possess over four years of experience in team development and leadership, successfully managing teams of more than five members.

  • You demonstrate advanced expertise in information security policies, standards, and governance controls within complex computing environments.

  • You have a strong understanding of information security frameworks, standards, and best practices (e.g., SOC2, NIST, GDPR).

  • You possess exceptional written and verbal communication skills in English, with the ability to effectively translate security and risk concepts for stakeholders at all levels of the business.

  • You can demonstrate your expertise through recognized certifications such as CISSP, Security+, CISM, CISA, ISO/IEC 27001 Lead Implementer, among others.

If you think you have what it takes, we encourage you to apply even if you don't meet every single requirement. You may just be the right candidate for this or other roles!

OUR OFFER

Zalando provides a range of benefits; here’s an overview of what you can expect. Ask your Talent Acquisition Partner to learn more about what we offer.

  • Employee shares program

  • 40% off fashion and beauty products sold and shipped by Zalando, 30% off Zalando Lounge, discounts from external partners

  • 2 paid volunteering days a year

  • Hybrid working model with 60% (or more) remote per week; actual practice is up to each team to best support their collaboration

  • Work from abroad for up to 30 working days a year

  • 27 days of vacation a year to start

  • Relocation assistance available (subject to prior agreement)

  • Family services, including counseling and support

  • Health and wellbeing options (including Gympass)

  • Mental health support and coaching available

Learn all about Zalando and our values here: https://jobs.zalando.com/en/?gh_src=22377bdd1us 

Recruiter

Ana Ermilova

ana.ermilova@zalando.de

Please note that all applications on this page must be submitted via the online form; we do not accept applications by e-mail. After review, our recruiters will get in touch from an official Zalando e-mail address (@zalando.de).

In some cases we also work with a selection of headhunters and agencies to fill specific positions. Please note that neither Zalando nor our recruitment partners demand any kind of payment to apply for a position or to attend an interview.

If you have questions about our recruitment process, please take a look at our FAQ page.

About Zalando

It is the perfect time to join Zalando on our journey to build the leading e-commerce ecosystem for the European fashion and lifestyle market. Help us offer around 50 million active customers in 25 markets an inspiring, quality-focused shopping experience for fashion and lifestyle products from numerous brands, all in one place. Or become part of our Zalando logistics, software and service infrastructure, supporting brands and retailers in their e-commerce transactions across Europe, both on and off the Zalando platform. Join us to bring about positive change in the fashion and lifestyle industry through this ecosystem.