Garrett Advancing Motion

Compliance Lead

Bangalore, India

The primary objective of this role is to implement a comprehensive customer assurance strategy and action plans. The focus is on enhancing and driving the Cyber Security Compliance program to meet requirements across various frameworks, including Data Privacy, ISO 27001, ISO 22301, Cloud Security Alliance, and TISAX/VDA. Analyze information security requirements from external customers and execute projects to ensure compliance. Define and report the Cyber Security Risk Dashboard, providing a clear overview of potential risks and vulnerabilities. Publish KPI metrics for both Cyber Security and Compliance areas, regularly reporting on their status. Execute periodic compliance assessments and collaborate with Internal and External Audit teams to ensure adherence to security standards and regulations.



Key Responsibilities:

  1. Understand information security requirements from external OEM/customers and execute projects to ensure compliance.
  2. Manage the compliance program across frameworks such as GDPR, ISO 27001, Data Privacy, PCI, SOX, ISO 22301, Cloud Security Alliance, TISAX/VDA.
  3. Oversee compliance tracking and reporting processes for Cyber Security governance frameworks, regulatory, and client compliance requirements.
  4. Define the strategy for TISAX certification, supporting and coordinating organizational security certifications with external auditors/agencies.
  5. Own internal and external audit coordination, reviewing evidence submissions, and ensuring closures.
  6. Ensure the effectiveness of the Vulnerability Management program.
  7. Implement, improve, and sustain policies, standards, and procedures in line with evolving security governance frameworks, regulatory, and customer compliance requirements.
  8. Deploy and drive periodic Cybersecurity awareness programs for employees, plants, and sites based on the Cyber Security policy and standards framework.
  9. Enhance and publish KPI/KRI metrics dashboard for Cyber Security & Compliance areas.
  10. Manage and coordinate internal security reviews and architecture reviews.
  11. Drive GDPR incident management/breach notification processes.
  12. Guide functional IT team members, reviewing control implementation as per defined IT processes.
  13. Identify gaps in the control process and operating environment for all in-scope applications and services.
  14. Assist senior management in defining control objectives and monitoring compliance efforts.


Qualifications/Experience/Knowledge:
  1. Bachelor's degree in information technology or a related discipline.
  2. 10+ years of total experience with 5+ years of relevant IT audit and compliance program experience.
  3. Exposure to Cloud and infrastructure is advantageous.
  4. Hands-on experience managing Risk/Compliance projects based on NIST (or equivalent) framework.
  5. Knowledge of general security concepts and methods related to IT audit controls.
  6. Ability to work independently with limited supervision.
  7. Project management experience.
  8. Strong communication and interpersonal skills.


Job Specifications:

Essential:

  • Experience implementing or evaluating security compliance requirements for NIST, SOX, PCI, ISO 27001, GDPR.
  • Strong understanding of Cyber Security concepts.
  • Experience with performing or reviewing enterprise risk assessments.
  • Experience with evaluating or writing security policies to meet compliance requirements.
  • Ability to work independently with limited supervision.

Preferred:

  • CISSP, CISA, CDPSE, ISO 27001 accreditations.
  • TISAX/VDA control knowledge and implementation experience.


ABOUT US

This is an exciting time to join Garrett Motion! Garrett is one of the automotive industry's most iconic brands, a global innovator and technology leader that enables vehicles to be cleaner, more efficient and connected. With a nearly 70-year legacy, we serve customers worldwide with passenger vehicle, commercial vehicle, aftermarket replacement, and performance enhancement solutions.

Our comprehensive portfolio of emission-reducing and zero-emission solutions advances sustainable motion, from world-class turbocharging and electric boosting technologies for hybrids, to electrified powertrains and automotive software.

With innovations that combine the best of mechanical and electric, Garrett is redefining zero-emission automotive technologies.

ABOUT THE TEAM

The Garrett Information Technology (IT) team focuses on understanding the business, market challenges and new technologies to deliver competitive and innovative services that make our business more flexible both today and in the future.

Client-provided location(s): Bengaluru, Karnataka, India
Job ID: Garrett_Motion-10119
Employment Type: Full Time

Perks and Benefits

  • Health and Wellness

    • Health Insurance
    • Health Reimbursement Account
    • Dental Insurance
    • Life Insurance
    • Fitness Subsidies
    • Mental Health Benefits
  • Work Flexibility

    • Flexible Work Hours
    • Hybrid Work Opportunities
  • Office Life and Perks

    • Commuter Benefits Program
    • Casual Dress
    • Snacks
    • Company Outings
    • On-Site Cafeteria
    • Holiday Events
  • Vacation and Time Off

    • Paid Vacation
    • Personal/Sick Days
    • Leave of Absence
    • Paid Holidays
  • Financial and Retirement

    • Performance Bonus
    • Relocation Assistance
    • Financial Counseling
  • Professional Development

    • Leadership Training Program
    • Associate or Rotational Training Program
    • Work Visa Sponsorship
    • Internship Program
    • Promote From Within
    • Mentor Program
    • Shadowing Opportunities
    • Access to Online Courses
  • Diversity and Inclusion

    • Diversity, Equity, and Inclusion Program