Security Risk & Compliance Specialist (PID0634)

This is a remote position.

Security Risk & Compliance Specialist (PID0634) ISRC

Contract / Freelance

Full-time

Remote with travel readiness required (Germany)

Start: 01/06/2026

Senior level

About the role

We are seeking a Senior Security Risk & Compliance Specialist to join the Information Security, Risk and Compliance function of a large internal platform programme in the energy sector. Working within a cloud-native, hybrid platform environment, you will translate control objectives and compliance requirements into actionable technical controls and non-functional requirements, and provide guidance to product line security champions across the programme.

What you'll be doing

Deriving concrete technical controls from high-level control objectives and frameworks such as NIS2 and ISO 27001

Converting compliance and risk requirements into clear non-functional requirements (NFRs) for product lines and platform architecture

Maintaining the NFR "Security" category and providing recommendations on definition-of-done for control implementation and testing

Contributing to Product Release Specification (PRS) workflows by validating security-related inputs

Enabling product line security champions and architects to implement requirements in alignment with ISRC governance structures

Providing technical clarification during review cycles and identifying gaps in security-related design decisions

Offering hands-on technical guidance to product lines when deeper analysis is required, while ensuring they remain the accountable implementation owner

Collaborating with architects, product lines and governance teams to ensure consistent control adoption across the programme

Facilitating communication and enablement activities for new or updated controls

Requirements

What you'll need

3+ years of experience in security architecture, security engineering, cloud security or a related field

Strong grounding in security architecture principles, secure design patterns and DevSecOps frameworks

SME-level experience in at least one of the following: Security Architecture and Design, Cloud Security, Identity and Access Management, Application Security, DevSecOps and Automation, Incident Response and Resilience, or Cryptography and Data Protection

Experience translating technical security requirements into actionable designs and documentation

Fluent English, spoken and written (C1 minimum)

Desirable

Experience designing and implementing security and compliance controls for platforms

Familiarity with threat modelling methodologies and risk assessment

Experience with DevSecOps practices and tools for integrating security into platform development

Experience with cloud posture management and detection tools (CSPM, KSP, workload protection)

Knowledge of security and compliance frameworks including ISO/IEC 27001, CSA CCM, BSI Grundschutz, NIST CSF and NIST OSCAL

Familiarity with sector-specific regulations such as NIS2, CRA, KRITIS and BSI C5

Understanding of CNCF-related ecosystems (Kubernetes, KeyCloak, Kyverno, Trivy, etc.)

Benefits

Als Freiberufler / Auftragnehmer bei uns genießen Sie flexible Arbeitszeiten und die Freiheit, Ihre eigenen Projekte zu wählen. Unsere Plattform bietet Ihnen Zugang zu spannenden Projekten in verschiedenen Branchen und unterstützt Sie bei Ihrer beruflichen Entwicklung. Sie profitieren von einer attraktiven Vergütung und einem engagierten Team, das Ihnen bei Fragen zur Seite steht. Arbeiten Sie unabhängig und nutzen Sie unser starkes Netzwerk, um Ihre beruflichen Ziele zu erreichen.