Information Security Compliance Engineer

3 695 - 5 542 USD net per month - B2B
2 364 - 4 124 USD gross per month - Permanent
Security

Zabłocie 43A, Kraków +1 Location

Spyrosoft

Full-time
Permanent, B2B
Mid
Hybrid

Job description

About the role


We are looking for an Information Security Compliance Engineer to join our Quality & Compliance team. You will support the development of our security framework, internal audits, and client-facing compliance activities, ensuring alignment with international standards and regulations.

Tech stack:

  • ISO/IEC 27001 (ISMS)

  • TISAX / VDA ISA

  • GDPR

  • NIS2

Requirements:

  • 2–4 years of experience in information security / compliance / risk (IT environment preferred)

  • Practical knowledge of ISO/IEC 27001 (ISMS, audits, controls, corrective actions)

  • Good understanding of GDPR and data protection

  • Familiarity with NIS2

  • Ability to assess security controls (governance perspective)

  • Very good English (spoken and written)

  • Strong analytical skills and attention to detail

  • Ability to communicate clearly with technical and non-technical stakeholders

  • Self-driven mindset and ability to manage multiple topics independently

  • Professional approach, high integrity, and attention to confidentiality

Nice to have:

  • Experience using AI tools in day-to-day workflow

  • Experience with TISAX / VDA ISA

  • Other ISO-based management systems (e.g. ISO 9001)

  • ISO 27001 Lead Auditor or CISA certification

  • Experience in consulting roles

Project description:

You will join an independent Quality & Compliance function and help maintain and develop the organization’s information security compliance framework. The role includes internal assurance work (e.g., internal audits and continuous improvement) and client-facing activities (e.g., customer audits, security questionnaires, and due diligence). You will act as a trusted advisor for both internal stakeholders and external clients, providing clear and actionable guidance on security and compliance topics.

Main responsibilities:

  • Maintain and improve ISMS (ISO 27001, TISAX)

  • Support internal and external audits

  • Identify compliance gaps and track improvements

  • Create and update policies, standards, and procedures

  • Support GDPR, NIS2, and other regulatory requirements

  • Assist with customer audits and security questionnaires

  • Provide basic advisory support to clients

  • Conduct high-level security and compliance assessments

Tech stack

  • English: B2

  • GDPR: regular

  • NIS2: regular

  • ISO: regular

  • TISAX: regular


About the company

Spyrosoft

Spyrosoft is a leading technology company specializing in software development and IT services. The company provides a wide range of expertise including artificial intelligence, cloud services, cybersecurity, digital pro...
By applying, I consent to the processing of my personal data for the purpose of conducting the recruitment process. Please be advised that the data controller is SpyroSoft S.A., with its registered office at pl. Nowy Targ 28, 50-141 Wrocław (hereinafter the "controller")....