Job description
For our client we are looking for a Cloud Security Risk & Compliance Specialist (f/m/d).
Start: 15.06.2026
Duration: 31.12.2026++
Capacity: 100%
Location: 75% Remote, 25% Frankfurt (occasionally, sometimes Berlin)
1 week Frankfurt / 3 weeks remote in rotation, up to 50% onsite in peak times
Language: English is a must (C1), German is a plus (C1)
Team:
Information Security, Risk and Compliance (ISRC) is a vital and independent function that focuses on embedding robust security and compliance practices throughout the product portfolio, platform management and architecture.
ISRC consults on designing and managing secure systems for the cloud platform by leading security design, threat modeling, and compliance initiatives to ensure a resilient architectural foundation.
It ensures that security-related processes enhance platform visibility and implements streamlined, effective security workflows for operational integrity. Additionally, ISRC consults with all product lines to integrate DevSecOps practices, emphasizing secure code analysis, supply chain security, and automated security testing to deliver robust, secure product development lifecycles.
Tasks:
- Translate control objectives and compliance requirements into actionable technical controls and non-functional requirements (NFRs)
- Drive and encourage security review and consulting processes
- Provide technical guidance to Product Line Security Champions
- Ensure consistent adoption of controls and NFRs across the platform
Skills (must-have):
- Experience in security architecture principles, secure design patterns, DevSecOps and frameworks.
- SME experience in at least one of the following security domains:
o Security Architecture and Design, Cloud Security
o Identity and Access Management (IAM), Application Security
o DevSecOps and Automation
o Incident Response and Resilience
o Cryptography and Data Protection
- Experience in translating technical security requirements into actionable designs and documentation
Skills (should-have):
- Experience designing and implementing security and compliance controls for platforms.
- Experience with threat modeling methodologies and risk assessment.
- Experience with DevSecOps practices and tools for integrating security into platform development
- Experience with cloud posture management and detection tools (CSPM, KSP, Workload protection)
- Good command and understanding of security & compliance standards and frameworks including ISO/IEC 27001, CSA CCM, BSI Grundschutz, CSI, NIST CSF, NIST OSCAL, etc.
- Experience in sector-specific regulations (e.g. NIS2, CRA, KRITIS, BSI C5, …)
- Good understanding of CNCF-related ecosystems (e.g. Kubernetes, Keycloak, Kyverno, Trivy, etc.)