Information Security Compliance Engineer

You will join an independent Quality & Compliance function and help maintain and develop the organization’s information security compliance framework. The role includes internal assurance work (e.g., internal audits and continuous improvement) and client-facing activities (e.g., customer audits, security questionnaires, and due diligence). You will act as a trusted advisor for both internal stakeholders and external clients, providing clear and actionable guidance on security and compliance topics.

• 2–4 years of experience in information security / compliance / risk (IT environment preferred)
• Practical knowledge of ISO/IEC 27001 (ISMS, audits, controls, corrective actions)
• Good understanding of GDPR and data protection
• Familiarity with NIS2
• Ability to assess security controls (governance perspective)
• Very good English (spoken and written)
• Strong analytical skills and attention to detail
• Ability to communicate clearly with technical and non-technical stakeholders
• Self-driven mindset and ability to manage multiple topics independently
• Professional approach, high integrity, and attention to confidentiality

Nice to have:

• Experienced in using AI tools in day-to-day workflow
• Experience with TISAX / VDA ISA
• Other ISO-based management systems (e.g. ISO 9001)
• ISO 27001 Lead Auditor or CISA certification
• Experience in consulting roles

• Maintain and improve ISMS (ISO 27001, TISAX)
• Support internal and external audits
• Identify compliance gaps and track improvements
• Create and update policies, standards, and procedures
• Support GDPR, NIS2, and other regulatory requirements
• Assist with customer audits and security questionnaires
• Provide basic advisory support to clients
• Conduct high-level security and compliance assessments