The Team:
Our global information security organization is responsible for security and trust. We manage security and compliance for Celonis. We continuously govern the security program of Celonis and maintain security certifications required by our customers. The Information Security Trust team is looking for a new member in our Governance and Compliance team.
The Role:
Celonis is looking for a talented GRC security analyst to join our Information Security Trust Org. You will collaborate with different departments to ensure compliance with regulations and industry standards. To be successful, you will need strong communication and research skills and attention to detail. In this role, you will have the opportunity to contribute significantly to maintaining a secure and compliant environment at Celonis, safeguarding against risks and ensuring adherence to legal and industry standards.
The work you’ll do:
- As a GRC Information Security Analyst, you will support the planning and execution of our global information security and IT compliance initiatives and audits.
- Using your analytical skills, you will assist with monitoring the performance of security measures and recommend security enhancements.
- You will support planning and successful implementation, documentation and scaling of our ongoing information security and compliance efforts.
- You will work with involved departments like Product & Engineering, IT, Procurement, Legal and HR and will assist in adjusting existing and creating new relevant processes to align company objectives with information security and compliance needs.
- In preparation for external audits, you will support monitoring, evidence collection, gap assessments and reviews as needed.
The qualifications you need:
- 2+ years of working experience in a related role.
- Proficient in information security fundamentals, including network security, encryption, and access controls.
- General understanding of common security standards and regulations (e.g. SOC2, ISO2700x, VDA TISAX, HIPAA, etc.).
- Ability to develop and maintain basic GRC documentation, such as policy and procedure documents or project plans.
- Ability to assist in conducting risk assessments or audits, including documenting results.
- Able to review some types of evidence and determine operating effectiveness of controls.
- Experience using GRC tools and platforms (this is a plus, but not necessary).
- Basic understanding of Cloud Environments and Software as a Service offerings.
- Excellent interpersonal, communication, and presentation skills, including formal report writing experience.
- Fluent and comfortable working in English. German language knowledge is a plus.