Governance, Risk, and Compliance Engineer (m/f/d)
As the Governance, Risk and Compliance (GRC) Engineer, you will be responsible for developing and implementing a comprehensive governance, risk and compliance program across the company's digital ecosystem. Working closely with the Chief Digital Officer and the cybersecurity team, you will ensure that the company's IT and digital operations are compliant with applicable laws, regulations and standards, while also identifying, prioritizing, and mitigating cybersecurity and privacy risks.
More specifically, you will:
- Develop and implement a governance, risk and compliance program for the company's digital ecosystem, including IT systems, applications, networks, data and cloud services
- Ensure compliance with applicable laws, regulations and standards, including data privacy, cybersecurity, and IT governance frameworks (e.g. ISO 27001, NIST, COBIT)
- Conduct regular risk assessments and vulnerability scans to identify and prioritize potential cybersecurity and privacy risks
- Develop and implement risk mitigation strategies, controls, and procedures to minimize the impact of identified risks
- Monitor and report on compliance and risk status to senior management and other stakeholders
- Develop and deliver GRC training and awareness programs to employees and contractors
- Work closely with the IT and cybersecurity teams to ensure alignment of GRC policies and procedures with technical security controls
- Support the risk manager in establishing a corporate risk evaluation matrix
- Maintain awareness of changes to regulations, compliance guidelines, assessment methodologies, and emerging TTPs; recommend proactive changes to controls, policies, and procedures in response to these changes
Who you are and what you have
- Bachelor's or Master's degree in Computer Science, Information Technology, Cybersecurity, or a related field
- Minimum of 5 years of experience in IT governance, risk, and compliance, preferably in a regulated industry
- Strong knowledge of applicable laws, regulations and standards related to cybersecurity and privacy, such as ISO 27001, NIST CSF, GDPR, and EU Cyber Resilience Act
- Experience in developing and implementing GRC frameworks, policies, and procedures
- Experience in conducting risk assessments, vulnerability scans, and penetration testing
- Strong analytical and problem-solving skills, with the ability to identify, prioritize, and mitigate risks
- Excellent communication and interpersonal skills, with the ability to build relationships with stakeholders at all levels of the organization
- Fluent in English
Nice to Have:
- Certifications such as CISSP, CISM, CRISC, or GRCP
- 30 days holiday
- Subsidised lunch
- Individual learning budget
- Virtual company shares
- Qualitrain Sport Clubs membership
- Customized company pension plan
Who we are
We are Isar Aerospace and we are at the forefront of New Space, building a modern space business to enable faster, better and cheaper access to space.
Our mission is to help democratise space and use it for good in order to improve life on Earth now and for future generations.
We are a fast-growing company aiming to provide sustainable and environmentally friendly launch solutions for small and medium-sized satellites and constellations into Low Earth Orbit. The company is privately funded by world-leading technology investors with strong commitment and support, and our team is made up of driven and talented people with a real passion for space innovation.
We're making rockets in a way that hasn't been done before, disrupting a traditional industry. If you are up for the challenge, want to work on cutting-edge projects and be part of a team changing the world for the better, come join us and launch your career!
Want to find out more about us?