Job title: 75% remote: Cloud Security Process Specialist (f/m/d)
Pay interval: Hourly
Pay rate: Negotiable
Location: Frankfurt am Main, Remote
Job posted: 21-05-2026
Job ID: 75105
Name: Mia Martinovic
Email: Mia.Martinovic@nemensis.de

Job description

We are looking for a Cloud Security Process Specialist (f/m/d) for our client.
 
Start: 15.06.2026
Duration: 31.12.2026++
Capacity: 100%
Location: 75% Remote, 25% Frankfurt (occasionally, sometimes Berlin)
1 week Frankfurt / 3 weeks remote in rotation, up to 50% onsite in peak times
Language: English is a must (C1), German is a plus (C1)
 
Team:
Information Security, Risk and Compliance (ISRC) is a vital and independent function that focuses on embedding robust security and compliance practices throughout the product portfolio, platform management and architecture.
ISRC consults on designing and managing secure systems for the cloud platform by leading security design, threat modeling, and compliance initiatives to ensure a resilient architectural foundation.
It ensures that security-related processes enhance platform visibility and implement streamlined, effective security workflows for operational integrity. Additionally, ISRC consults with all product lines to integrate DevSecOps practices, emphasizing secure code analysis, supply chain security, and automated security testing to deliver robust, secure product development lifecycles.
 
Tasks:
- Provide expertise in analyzing, designing, and optimizing Information Security, Risk, and Compliance processes across the program, ensuring they are efficient, pragmatic, scalable, and aligned with the operating model.
- Ensure ISRC processes effectively support key security and compliance activities without performing them directly, by enabling stakeholders through well-designed workflows, interfaces, and governance structures.
- Support adoption of secure design principles and ISRC best practices by embedding them into processes, workflows, and decision-making structures.
- Contribute to organizational development by aligning ISRC processes, tools, and roles with the evolving operating model.
 
Skills (must-have):
- Hands-on exposure to security, risk, and compliance processes in a larger organization.
- Ability to analyze and improve workflows (e.g., risk management, compliance, NFRs, architecture reviews).
- Solid grasp of enterprise security and compliance frameworks and their impact on delivery.
- Experience working with technical teams, architects, and GRC stakeholders.
- Ability to understand and review technical designs without being the implementer.
- Skill in turning compliance or risk requirements into actionable steps or process changes.
- Experience contributing to roles, responsibilities, and decision structures.
- Experience embedding security/compliance checks into delivery processes.
- Ability to align diverse stakeholders and explain ISRC topics clearly.
- Experience supporting workshops or knowledge-sharing activities.
- Comfortable promoting secure and compliant ways of working.
 
Skills (should-have):
- Knowledge and experience with security standards and frameworks:
  - Familiarity or certification with frameworks such as:
    - ISO 27001 / 27005
    - OWASP ASVS, etc.
  - Certifications such as:
    - CISSP, OSCP, OSWA
- Strong capability in stakeholder management.