Cyber GRC Manager

Information Security Lead Location: Munich Our client is looking for a seasoned security professional to lead and develop their organisation’s information security strategy. This role covers policy development, regulatory alignment, and oversight of security operations across multiple locations. The successful candidate will collaborate closely with senior leadership and report directly to the CISO. Key Responsibilities: Set the direction for the company’s overall information security strategy. Oversee a team managing core security functions and initiatives. Support risk identification and mitigation across systems and data. Ensure compliance with relevant regulatory and data protection requirements. Coordinate security incident response activities. Champion security awareness across the organisation. Act as a point of contact for external assessments and audits. Monitor emerging risks and recommend improvements. Candidate Profile: Extensive experience in cybersecurity, preferably in regulated sectors. Proven track record in leading teams and driving security programs. Working knowledge of recognised frameworks and standards. Strong understanding of risk, governance, and compliance. Effective communicator with senior stakeholder engagement experience. Fluent in German and English. Professional certifications (e.g. CISSP, CISM) are beneficial. What’s Offered: Competitive compensation with performance-related incentives. Hybrid working model in an international, collaborative environment. Ongoing support for professional growth and development.

Cyber GRC Manager Location: Munich Our client is seeking a Cyber GRC Manager to help organisations strengthen governance, risk, and compliance frameworks that enable secure digital transformation. You’ll bridge technology, processes, and regulation to build resilient foundations for growth. Key Responsibilities: Develop and optimise GRC and security processes to improve efficiency and resilience. Design and implement solutions using platforms such as ServiceNow, OneTrust, or Corporater. Translate complex regulatory requirements into clear, actionable strategies. Lead projects in Integrated Risk Management, Third-Party Risk, Business Continuity, or Security Operations. Evolve GRC frameworks and methodologies across global teams. Act as a trusted advisor, offering strategic guidance beyond technical delivery. Skills & Experience: 3+ years in cybersecurity, GRC, or IT transformation. Strong knowledge of ISO 27001, NIS2, DORA, or similar frameworks. Excellent communication skills in German and English. Degree in economics, engineering, computer science, law, or related field. Willingness to travel for client projects. What’s on Offer: Time and budget for professional growth and certifications. Purpose-driven projects focused on lasting impact. Flexible, collaborative work environment. Comprehensive benefits including health, mobility, and international learning opportunities.

Application Security Expert Location: Stuttgart Our client is seeking an Application Security Expert to join their team. You will champion security integration across software development processes, ensuring applications and enterprise systems stay robust against emerging cyber threats. Key Responsibilities: Embed security principles in design, development, and deployment workflows. Lead security testing initiatives including penetration tests, code reviews, and continuous vulnerability assessments. Oversee vulnerability management, coordinating timely remediation efforts. Define security performance metrics and conduct threat analysis for critical systems. Partner with technical and business teams to foster secure-by-design culture. Support security incident response and maintain compliance with relevant industry standards and regulations. Incorporate security controls into DevSecOps practices and help establish secure development standards. Qualifications & Experience: Degree in Computer Science, Information Security, or related discipline. Minimum 5 years’ experience in application security, secure development, or penetration testing, with exposure to complex ERP environments. Proven track record in securing enterprise-scale applications and reporting on security metrics. Strong knowledge of common web and application security risks, threat modelling, and modern security testing tools. Experience with role-based access control, application security frameworks, and code scanning techniques. Familiarity with cloud security across major providers and securing APIs, containers, and microservices. Proficient in several programming languages including Java, Python, JavaScript/TypeScript, and platform-specific scripting. Analytical, self-motivated, effective communicator with a collaborative and solution-oriented approach.

Incident Response Lead Location: Frankfurt Our client is seeking an experienced and highly motivated Incident Response Lead to join their cybersecurity team. In this senior-level role, you will support the Incident Response Lead in directing, coordinating, and managing all aspects of cybersecurity incidents across the organisation. You will help shape incident response strategy, oversee complex investigations, and guide a global team of analysts and engineers to ensure rapid, effective, and consistent response to threats. Key Responsibilities: Assist the Incident Response Lead in managing the full lifecycle of cyber incidents, including detection, triage, investigation, containment, eradication, and recovery. Act as second-in-command and escalation point for major or complex security incidents. Lead incident response activities during critical events, ensuring alignment with established protocols and reporting requirements. Coordinate cross-functional teams (Security Operations, Engineering, Legal, Compliance, Communications, etc.) to ensure effective and timely incident handling. Oversee incident documentation, root-cause analysis, and preparation of post-incident reports for senior leadership. Develop and refine incident response processes, playbooks, and standard operating procedures to enhance organizational readiness. Provide mentorship and technical guidance to incident responders, analysts, and other cybersecurity team members. Perform proactive threat hunting, adversary analysis, and forensic investigations to identify security weaknesses. Monitor evolving threat landscapes and support the implementation of tools, techniques, automation, and technologies that strengthen incident response capabilities. Contribute to regulatory, audit, and compliance efforts related to cybersecurity and incident reporting requirements in the EU and Germany. Support training and tabletop exercises to maintain high readiness and maturity across the incident response program. Qualifications: Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, or related field (or equivalent professional experience). 6+ years of experience in cybersecurity, with at least 3 years in incident response, digital forensics, or threat detection. Strong understanding of security operations, SIEM tools, EDR/XDR platforms, and forensic methodologies. Experience coordinating technical teams during complex or high-severity incidents. Excellent analytical and problem-solving skills, with the ability to remain calm and decisive under pressure. Knowledge of industry frameworks (e.g., NIST, MITRE ATT&CK, ISO 27035). Fluent in English; working proficiency in German preferred. Professional certifications such as GCIH, GCIA, GCFA, CISM, CISSP, or similar. Experience working in regulated industries (e.g., finance, critical infrastructure). Familiarity with cloud environments (AWS, Azure, GCP) and hybrid architectures. What We Offer: Competitive compensation and benefits package. Career growth opportunities within a global cybersecurity organization. A dynamic, collaborative environment with cutting-edge security technologies. Hybrid working options and modern office space in central Frankfurt.