Head of Security Risk and Governance (all genders)

Location
Berlin
Contract
Full time
Job Category
Cybersecurity

THE ROLE & THE TEAM

Zalando’s Information Security Department is seeking an exceptionally talented security risk, compliance and governance leader with substantial operations/systems background to lead our Security Risk and Governance (SRG) team. In this role, you will lead a team of 5-10 people that maintain our ISMS, and manage security risks, third party security risks, as well as all topics related to compliance (e.g. NIS2 etc). The SRG team also maintains the security exception process along with the communication to stakeholders, supports the different business areas with specific attestations/certifications (e.g. SOC2, PCI DSS), and ensures remediation of audit findings owned by the information security team.


INCLUSIVE BY DESIGN
 

At Zalando, our vision is to be inclusive by design. And this vision starts with our hiring - we do not discriminate on the basis of gender identity, sexual orientation, personal expression, ethnicity, religious belief, or disability status. You are welcome to leave out your picture, age, or marital status from your application. We only assess candidates on their qualifications and merit. 


We want to provide you with a great candidate experience. Feel free to inform us of any accommodations you may need, so we can best support you throughout the hiring process. 

do.BETTER - our diversity & inclusion strategy: https://corporate.zalando.com/en/our-impact/dobetter-our-diversity-and-inclusion-strategy
Our employee resource groups: https://corporate.zalando.com/en/our-impact/our-employee-resource-groups 


 

WHAT WE’D LOVE YOU TO DO (AND LOVE DOING) 
 

  • Security governance - maintaining our ISMS, including the implementation/refinement of policies, standards, guidelines and procedures in cooperation with the respective process owners.

  • Security risk management - managing and refining the IT security risk methodology, supporting third party and internal application security risk assessments, as well as preparation of the information security risk reporting for the Management Board.

  • Compliance management - defining and implementing of baseline controls, implementation of relevant compliance, and continuous ISMS maturity assessment based on NIST 800-53.

  • GRC Framework -  leading and implementing enterprise-wide risk management frameworks that align with the industry standards (e.g. SOC2, NIS2, etc).

  • Decision on compliance exceptions - owning decisions around IT compliance exceptions and ensuring alignment with security objectives.

  • Security audit findings - coordination of the remediation of audit findings owned by the information security team.


WE’D LOVE TO MEET YOU IF

  • You have more than seven years of experience and a deep knowledge of security governance, risk, compliance and audit.

  • You possess over four years of experience in team development and leadership, successfully managing teams of more than five members.

  • You demonstrate advanced expertise in information security policies, standards, and governance controls within complex computing environments.

  • You have a strong understanding of information security frameworks, standards, and best practices (e.g., SOC2, NIST, GDPR).

  • You possess exceptional written and verbal communication skills in English, with the ability to effectively translate security and risk concepts for stakeholders at all levels of the business.

  • You can demonstrate your expertise through recognized certifications such as CISSP, Security+, CISM, CISA, ISO/IEC 27001 Lead Implementer, among others.


 

If you think you have what it takes, we encourage you to apply even if you don't meet every single requirement. You may just be the right candidate for this or other roles!


 


OUR OFFER
 

Zalando provides a range of benefits, here’s an overview of what you can expect. Ask your Talent Acquisition Partner to learn more about what we offer.

  • Employee shares program

  • 40% off fashion and beauty products sold and shipped by Zalando, 30% off Zalando Lounge, discounts from external partners

  • 2 paid volunteering days a year

  • Hybrid working model with 60% (or more) remote per week, actual practice is up to each team to best support their collaboration

  • Work from abroad for up to 30 working days a year

  • 27 days of vacation a year to start

  • Relocation assistance available (subject to prior agreement)

  • Family services, including counseling and support

  • Health and wellbeing options (including Gympass)

  • Mental health support and coaching available

Learn all about Zalando and our values here: https://jobs.zalando.com/en/?gh_src=22377bdd1us 





 

Recruiter

Ana Ermilova

ana.ermilova@zalando.de

Please note that all applications from this job page must be completed using the online form - we do not accept applications via e-mail. Once reviewed, our recruiters will contact applicants via an official Zalando email address (@zalando.de).

In some cases we also work with a selection of headhunters and agencies to fill specific roles. Please note that neither Zalando nor our recruiting partners will ask for any kind of payment to apply for a job or attend an interview.

If you have any questions about our recruitment process, please take a look at our FAQ page.

About Zalando

It’s the perfect time to join Zalando on our journey to build the leading pan-European ecosystem for fashion and lifestyle e-commerce. Help us offer an inspiring and quality multi-brand shopping experience for fashion and lifestyle products to about 50 million active customers in 25 markets. Or be part of our logistic infrastructure, software or service capabilities to help brands and retailers run and scale their entire e-commerce business, on or off Zalando. Join our Zalando ecosystem, to enable positive change for the fashion and lifestyle industry. 

Learn more about our culture