Compliance Manager (m / f / d)

Full Time
Munich, Germany
10 months ago
Location

Munich, hybrid (3 home office days per week)

SHAPE THE FUTURE OF PRIVACY WITH USERCENTRICS

Usercentrics is a global leader in the field of consent management platforms (CMP). We follow our company vision to build a world where user privacy enables a thriving digital ecosystem. Our mission is to provide privacy solutions that empower organizations to embrace data privacy while building trust with their users through freedom of choice. With our product, businesses can collect, manage and document user consents on websites and apps, and achieve full compliance in accordance with global privacy regulations while facilitating high consent rates and building trust with their customers.We are looking for a motivated and engaged Compliance Manager (m / f / d) to support our legal and compliance team in Munich.Your primary responsibility will be to oversee contractual and regulatory requirements as well as our compliance programmes. You will serve as a lead for defining new controls and processes, including facilitation of the remediation of identified control gaps. Further you will be a critical representative for IT Governance, spanning across all functions of the organisation covering control subject areas including policies and procedures, application security, access and incident management.

Your Tasks

In our Legal and Compliance Team one main focus is set on the topics of data protection, information security, compliance and ISO/SOC/TISAX/HIPAA/Soc II etc. certifications in an international context. In this context you will take over the following tasks:

  • You will drive the coordination and implementation and will be Project Owner for the maintenance and improvement of our Information Security Management System (ISMS), our Data Protection Management System (DPMS) and our actual Compliance Management Tool (IKS Adonis) and other tools
  • Project Lead and Coordinator for our current and future certifications and external audits and assessments
  • Designing and implementing of Compliance Guidelines and Concepts and conducting of Inhouse Trainings for our teams, especially in the area of information security, data protection and Compliance
  • Planning of awareness measures to sensitive our employees and internal stakeholders and conduction of specific trainings and control of improvement to continuously improve our our processes
  • Independent control and optimisation of our existing control systems, creation of Risk Assessments and create/improve measures accordingly
  • Support in improving our internal Compliance organisation; Preparing reports on current risk and compliance performance
  • Analysis of our existing business processes and evaluation of our processes on the basis of information security and data privacy criteria
  • Counseling for the usage and suitability of IT systems and infrastructure solutions
  • Maintenance of existing and establishment of new process directories according to GDPR

You Bring

You demonstrate passion for innovation, risk management, and a mature understanding of Information Technology and possess:

  • University degree of Computer Science, Business Informatics, IT-Management, Information Security, Law, Economics Law or comparable education with a strong connection to IT Governance
  • Minimum of 3-5 years experience in a comparable role and in the area of information security and data privacy
  • Having former auditor experience, especially for ISO 27001, SOC II type 1 or 2 and/or HIPAA
  • Relevant certifications are of advantage, e.g. Information Security Foundation, Officer or Auditor according to ISO27001, TISAX®, SOC type II, HIPAA, Data Protection Officer or equivalent certifications or rather willingness to obtain those 
  • Advanced knowledge in the field of information security (min. ISO27001, the following are a big plus: VDA ISA / TISAX®, SOC, HIPAA etc.) and data privacy (GDPR and other relevant data privacy laws a plus)
  • Track record as internal/external ISO officer is a bug plus and willingness to take over this role within the Company
  • Experience evaluating the design and effectiveness of IT controls
  • A strong understanding of the IT general control areas and the IT governance framework
  • Advanced understanding of risk and compliance combined with the ability to clearly communicate risk in a concise manner that helps drive change; build consensus amongst senior leaders and executives
  • Fluent in German and English (in writing and verbal form) as we are an English speaking environment

Why join Usercentrics?

  • Joining Usercentrics means becoming part of a fast-growing, diverse and international team of tech enthusiasts and entrepreneurially-minded who build our success story together
  • Company culture is important to us - we strive to continuously develop a positive, vibrantand inspiring environment that enables everyone to thrive both personally and professionally
  • Get involved! We have plenty of initiatives and love to see people from all department enthusiastically participating and shaping our future together in different cross-department projects
  • Your work-life balance is important to us too - we offer flexible working hours, hybrid working and the possibility of workcations (in accordance with our company policy)
  • We always remember to have fun along the way, both in our day-to-day work and at our regular team events on site in our offices in Munich, Copenhagen, Odense, Lisbon and Prague or online
  • You are the most valuable asset to our company which is why we’re happy to offer awesome benefits like our personal development budget, job-related language courses and a lot more (depending on your location) to focus on your well being