Global Cybersecurity & Compliance Sr. Specialist
Job description
Cyber Security & Compliance Sr. Specialist
Supports the implementation, monitoring, and enforcement of cybersecurity measures and regulatory compliance across the organization. The role helps ensure that IT systems and processes align with internal security policies, data protection laws, and industry standards, including the NIS2 Directive (Network and Information Security). Key responsibilities include conducting risk assessments, supporting audits, managing security controls, incident response coordination, and promoting awareness to foster a culture of security and compliance throughout the organization.
Key Activities
Cybersecurity & Risk Management
- Supporting the implementation and monitoring of cybersecurity controls to protect organizational systems and data.
- Assisting in the execution of risk assessments and security reviews to identify vulnerabilities and ensure mitigation actions.
- Contributing to the development and maintenance of the organization’s cybersecurity posture in alignment with NIS2 requirements.
- Supporting incident detection, response, and reporting activities in accordance with regulatory timelines (e.g., NIS2 24‑hour incident notification).
- Monitoring threat intelligence feeds and assisting in the assessment of emerging cyber threats.
Compliance & Regulatory Management
- Ensuring compliance with internal security policies, regulatory requirements (e.g., GDPR, NIS2 Directive, eIDAS), and industry standards (e.g., ISO 27001, NIST CSF, CIS Controls).
- Supporting the implementation of NIS2 security measures, including supply‑chain security, vulnerability management, and business continuity planning.
- Contributing to internal and external audits by providing evidence, documentation, and follow‑up on remediation activities.
- Managing the lifecycle of IT compliance documentation and maintaining up‑to‑date records of controls, procedures, and compliance evidence.
- Monitoring regulatory developments and assisting in the interpretation and application of new compliance obligations.
Collaboration & Governance
- Collaborating with IT, business stakeholders, and third‑party vendors to ensure security and compliance requirements are embedded in processes, projects, and procurement activities.
- Supporting vendor risk assessments and third‑party security evaluations in line with NIS2 supply‑chain requirements.
- Participating in governance committees and security steering groups to provide compliance insights and recommendations.
Awareness & Training
- Supporting security awareness initiatives and training programs to promote a culture of compliance and accountability.
- Developing and delivering targeted training on regulatory requirements (e.g., NIS2, GDPR) and security best practices.
Required Qualifications & Experience
- 2–5 years of experience in cybersecurity, IT compliance, IT risk management, or IT audit roles.
- Knowledge of cybersecurity frameworks and standards (e.g., ISO 27001, NIST CSF, CIS Controls) and relevant regulations (e.g., GDPR, NIS2 Directive).
- Familiarity with risk assessment methodologies, audit processes, and incident response procedures.
- Ability to interpret and apply compliance requirements to real‑world systems and business processes.
- Strong organizational and documentation skills, with exceptional attention to detail.
Technical & Soft Skills
- Understanding of network security, vulnerability management, and security monitoring tools.
- Knowledge of supply‑chain security and third‑party risk management practices.
- Good communication and interpersonal skills to work effectively with cross‑functional teams and external auditors.
- Analytical mindset and proactive approach to identifying and resolving compliance issues.
- Ability to work independently and manage multiple priorities in a dynamic environment.
Preferred Qualifications
- Relevant certifications such as ISO 27001 Lead Implementer or Lead Auditor, Information Systems Auditor (CISA), Certified Information Security Manager (CISM), GIAC Security Essentials (GSEC), or equivalent NIS2 or cyber‑resilience certifications.
- Experience with compliance management platforms and GRC (Governance, Risk & Compliance) tools.
- Knowledge of healthcare industry regulations and data protection requirements.
- Familiarity with incident response and crisis management processes.
Language Skills
- Fluency in English (written and spoken) is required.
- Knowledge of additional European languages is an advantage.
Benefits
We offer a hybrid working policy, allowing employees to work 6 days per month remotely.