Your responsibilities:

• conducting security assessments and control validation across products, systems and internal processes,
• evaluating the effectiveness of technical and administrative security controls using frameworks such as ISO 27001, NIST 800-53, SOC2 and industry standards,
• performing continuous assurance activities to maintain compliance with internal policies and external regulatory requirements,
• identifying control gaps, preparing clear findings and tracking remediation activities,
• supporting risk assessments by analyzing security risks and recommending mitigation strategies,
• reviewing system architectures, data flows and configurations for assurance considerations,
• providing expert input for security exception processes and risk treatment plans,
• collaborating with engineering, IT, product security, procurement and operations to embed assurance requirements,
• participating in design reviews, supplier risk evaluations and security improvement initiatives,
• creating assurance reports, dashboards and metrics for leadership visibility,
• analyzing trends from assessments and incidents to identify systemic improvement opportunities,
• contributing to the development of security assurance strategy, processes and tooling.

Our requirements:

• bachelor’s degree in Information Security, Computer Science, IT or a related field (or equivalent experience),
• 3+ years of experience in security assurance, security compliance, audit, risk management or technical security roles,
• strong understanding of security frameworks such as IEC 62443, ISO 27001, NIST CSF, NIST 800-53, SOC 2 and CIS Controls,
• experience conducting assessments, validating controls or supporting security audits,
• ability to interpret technical architectures, security controls and risk impacts,
• excellent communication skills, with the ability to translate technical findings into clear, actionable guidance,
• strong analytical and problem‑solving skills with high attention to detail.

Optional:

• certifications such as CISSP, CISM, CRISC, ISO 27001 Lead Auditor/Implementer or Security+,
• experience in regulated industries such as automotive, critical infrastructure, financial services, cloud or manufacturing,
• familiarity with secure development practices, cloud security or product security assurance,
• experience with GRC or assurance tools such as Archer, ServiceNow GRC, OneTrust or Drata.

We offer:

• stable employment and long‑term career growth,
• annual bonus up to 10% of your annual gross base salary,
• flexible hours (start between 7:00 and 9:30 a.m.),
• hybrid work model,
• private healthcare (upgrade options and family add‑ons),
• subsidized Multisport membership,
• partial funding for professional training,
• life insurance,
• vacation allowance,
• benefit points through the MyBenefit platform,
• access to company events,
• a comprehensive, role‑specific training program,
• opportunities for development and upskilling,
• a friendly culture and supportive team,
• additional bonuses and recognition awards.