Security Risk & Compliance Specialist (PID0634)

This is a remote position.

Security Risk & Compliance Specialist (PID0634) ISRC

• Contract / Freelance
  
• Full-time
  
• Remote with travel readiness required (Germany)
  
• Start: 01/06/2026
  
• Senior level
  

About the role

We are seeking a Senior Security Risk & Compliance Specialist to join the Information Security, Risk and Compliance function of a large internal platform programme in the energy sector. Working within a cloud-native, hybrid platform environment, you will translate control objectives and compliance requirements into actionable technical controls and non-functional requirements, and provide guidance to product line security champions across the programme.

What you'll be doing

• Deriving concrete technical controls from high-level control objectives and frameworks such as NIS2 and ISO 27001
  
• Converting compliance and risk requirements into clear non-functional requirements (NFRs) for product lines and platform architecture
  
• Maintaining the NFR "Security" category and providing recommendations on definition-of-done for control implementation and testing
  
• Contributing to Product Release Specification (PRS) workflows by validating security-related inputs
  
• Enabling product line security champions and architects to implement requirements in alignment with ISRC governance structures
  
• Providing technical clarification during review cycles and identifying gaps in security-related design decisions
  
• Offering hands-on technical guidance to product lines when deeper analysis is required, while ensuring they remain the accountable implementation owner
  
• Collaborating with architects, product lines and governance teams to ensure consistent control adoption across the programme
  
• Facilitating communication and enablement activities for new or updated controls
  

Requirements

What you'll need

• 3+ years of experience in security architecture, security engineering, cloud security or a related field
  
• Strong grounding in security architecture principles, secure design patterns and DevSecOps frameworks
  
• SME-level experience in at least one of the following: Security Architecture and Design, Cloud Security, Identity and Access Management, Application Security, DevSecOps and Automation, Incident Response and Resilience, or Cryptography and Data Protection
  
• Experience translating technical security requirements into actionable designs and documentation
  
• Fluent English, spoken and written (C1 minimum)
  

Desirable

• Experience designing and implementing security and compliance controls for platforms
  
• Familiarity with threat modelling methodologies and risk assessment
  
• Experience with DevSecOps practices and tools for integrating security into platform development
  
• Experience with cloud posture management and detection tools (CSPM, KSP, workload protection)
  
• Knowledge of security and compliance frameworks including ISO/IEC 27001, CSA CCM, BSI Grundschutz, NIST CSF and NIST OSCAL
  
• Familiarity with sector-specific regulations such as NIS2, CRA, KRITIS and BSI C5
  
• Understanding of CNCF-related ecosystems (Kubernetes, KeyCloak, Kyverno, Trivy, etc.)
  

Benefits

Als Freiberufler / Auftragnehmer bei uns genießen Sie flexible Arbeitszeiten und die Freiheit, Ihre eigenen Projekte zu wählen. Unsere Plattform bietet Ihnen Zugang zu spannenden Projekten in verschiedenen Branchen und unterstützt Sie bei Ihrer beruflichen Entwicklung. Sie profitieren von einer attraktiven Vergütung und einem engagierten Team, das Ihnen bei Fragen zur Seite steht. Arbeiten Sie unabhängig und nutzen Sie unser starkes Netzwerk, um Ihre beruflichen Ziele zu erreichen.