Senior Security Risk Manager (all genders)

Location
Berlin
Contract
Full time
Job Category
Cybersecurity

THE ROLE & THE TEAM
 

As a Senior Security Risk Manager in the Information Security - Security Risk & Governance Team at Zalando, your role is crucial in maintaining the trust of customers, stakeholders, and employees by enabling a process to identify, assess, and manage security risks effectively. 

You will be responsible for answering any questions related to Security Risk and Governance and will play a key role in shaping the Security Risk Management process for both internal applications and third parties.


 

WHAT WE’D LOVE YOU TO DO (AND LOVE DOING)
 

  • Implement, maintain and continuously improve the organization's information security compliance framework.

  • Monitor and ensure compliance with relevant legislation, regulations and standards, including DORA, GDPR, PCI DSS, SOC 2, NIST CSF and other applicable frameworks.

  • Contribute to the development, review and maintenance of information security policies, procedures, and controls to operationalize the frameworks across the organization.

  • Design, implement and maintain the organization’s information security risk management framework to assess risks for projects, systems, and processes.

  • Establish and oversee a robust security governance framework that aligns with industry best practices.

  • Collaborate closely with the legal team to stay updated on regulatory changes and advise the organization on their implications.

  • Provide guidance on staying compliant with regulatory requirements related to cyber security.

  • Prepare and present regular reports on security risks, compliance status, and improvement initiatives to senior leadership.

  • Develop key performance indicators (KPIs) to measure the effectiveness of risk management efforts.



WE'D LOVE TO MEET YOU IF …
 

  • You have 6+ years of experience working in Security Governance, Risk and Compliance functions.

  • You demonstrate strong communication skills and good interpersonal skills. You are a team player and can work with engineering teams and business stakeholders.

  • You have strong knowledge and experience implementing security and privacy frameworks, regulations and standards, such as NIST CSF, GDPR, ISO 2700x, SOC 2, PCI DSS, NIS2, CRA. 

  • You are familiar with the Secure Controls Framework (SCF).

  • You have experience in addressing security regulations, breaking down obligations and translating regulatory requirements into security operational requirements.

  • You can communicate security risk-related concepts to technical and nontechnical audiences.

  • You have exceptional attention to detail, strong program/project management skills, analytical proficiency, and experience in operationalizing and developing scalable security processes in complex environments.

  • Security certifications (e.g. CISSP, CRISC, CISM, ISO 27001 Lead Auditor/Implementer) are a plus.
     


OUR OFFER
 

Zalando provides a range of benefits. Here’s an overview of what you can expect. Ask your Talent Acquisition Partner to learn more about what we offer.

  • Employee shares program

  • 40% off fashion and beauty products sold and shipped by Zalando, 30% off Lounge by Zalando, discounts from external partners

  • 2 paid volunteering days a year

  • Hybrid working model with up to 60% remote per week; actual practice is up to each team to best support their collaboration

  • Work from abroad for up to 30 working days a year

  • 27 days of vacation a year to start for full-time employees

  • Relocation assistance available (subject to prior agreement)

  • Family services, including counseling and support

  • Health and wellbeing options (including Wellhub)

  • Mental health support and coaching available

  • Drive your development through our training platform and biannual peer-to-peer review


INCLUSIVE BY DESIGN
 

At Zalando, our vision is to be the leading pan-European ecosystem for fashion and lifestyle e-commerce - one that is inclusive by design. We only assess candidates based on qualifications, merit, and business needs. We welcome applications from people of all gender identities, sexual orientations, personal expressions, racial identities, ethnicities, religious beliefs, and disability statuses. We only want to know why you’re great for this role, so please avoid including your picture, age, and marital status in your CV as well.

We want to provide you with a great candidate experience. Please feel free to inform us of any accommodations you may need, so we can best support and assist you throughout the hiring process.

do.BETTER - our diversity & inclusion strategy: https://jobs.zalando.com/en/our-culture/diversity-and-inclusion

Recruiter

Ana Ermilova

ana.ermilova@zalando.de

Please note that all applications from this job page must be completed using the online form - we do not accept applications via e-mail. Once reviewed, our recruiters will contact applicants via an official Zalando email address (@zalando.de).

In some cases we also work with a selection of headhunters and agencies to fill specific roles. Please note that neither Zalando nor our recruiting partners will ask for any kind of payment to apply for a job or attend an interview.

If you have any questions about our recruitment process, please take a look at our FAQ page.

About Zalando

It’s the perfect time to join Zalando on our journey to build the leading pan-European ecosystem for fashion and lifestyle e-commerce. Help us offer an inspiring and quality multi-brand shopping experience for fashion and lifestyle products to about 50 million active customers in 25 markets. Or be part of our logistic infrastructure, software or service capabilities to help brands and retailers run and scale their entire e-commerce business, on or off Zalando. Join our Zalando ecosystem, to enable positive change for the fashion and lifestyle industry. 

Learn more about our culture