Munich, hybrid (3 home office days per week)
SHAPE THE FUTURE OF PRIVACY WITH USERCENTRICS
Usercentrics is a global leader in the field of consent management platforms (CMP). We follow our company vision to build a world where user privacy enables a thriving digital ecosystem. Our mission is to provide privacy solutions that empower organizations to embrace data privacy while building trust with their users through freedom of choice. With our product, businesses can collect, manage and document user consents on websites and apps, and achieve full compliance in accordance with global privacy regulations while facilitating high consent rates and building trust with their customers.
We are looking for a motivated and engaged Compliance Manager (m / f / d) to support our legal and compliance team in Munich.
Your primary responsibility will be to oversee contractual and regulatory requirements as well as our compliance programmes. You will serve as a lead for defining new controls and processes, including facilitating the remediation of identified control gaps. Furthermore, you will be a critical representative for IT Governance, spanning all functions of the organisation and covering control subject areas including policies and procedures, application security, access and incident management.
In our Legal and Compliance Team, one main focus is on data protection, information security, compliance and ISO/SOC/TISAX/HIPAA/SOC II etc. certifications in an international context. In this context you will take over the following tasks:
- You will drive the coordination and implementation and will be Project Owner for the maintenance and improvement of our Information Security Management System (ISMS), our Data Protection Management System (DPMS) and our current Compliance Management Tool (IKS Adonis) and other tools
- Project Lead and Coordinator for our current and future certifications and external audits and assessments
- Designing and implementing compliance guidelines and concepts and conducting in-house trainings for our teams, especially in the area of information security, data protection and compliance
- Planning of awareness measures to sensitise our employees and internal stakeholders, conducting specific trainings and monitoring improvement to continuously improve our processes
- Independent control and optimisation of our existing control systems, creation of risk assessments and creation/improvement of measures accordingly
- Support in improving our internal Compliance organisation; Preparing reports on current risk and compliance performance
- Analysis of our existing business processes and evaluation of our processes on the basis of information security and data privacy criteria
- Advising on the use and suitability of IT systems and infrastructure solutions
- Maintenance of existing and establishment of new process directories according to GDPR
You demonstrate passion for innovation, risk management, and a mature understanding of Information Technology and possess:
- University degree in Computer Science, Business Informatics, IT-Management, Information Security, Law, Economics Law or comparable education with a strong connection to IT Governance
- Minimum of 3-5 years' experience in a comparable role and in the area of information security and data privacy
- Previous auditor experience, especially for ISO 27001, SOC II type 1 or 2 and/or HIPAA
- Relevant certifications are an advantage, e.g. Information Security Foundation, Officer or Auditor according to ISO27001, TISAX®, SOC type II, HIPAA, Data Protection Officer or equivalent certifications, or willingness to obtain them
- Advanced knowledge in the field of information security (min. ISO27001, the following are a big plus: VDA ISA / TISAX®, SOC, HIPAA etc.) and data privacy (GDPR and other relevant data privacy laws a plus)
- Track record as internal/external ISO officer is a big plus, as is willingness to take over this role within the Company
- Experience evaluating the design and effectiveness of IT controls
- A strong understanding of the IT general control areas and the IT governance framework
- Advanced understanding of risk and compliance combined with the ability to clearly communicate risk in a concise manner that helps drive change; build consensus amongst senior leaders and executives
- Fluent in German and English (written and spoken) as we are an English speaking environment
We are driven by our values #BeBrave, #BetterTogether, #LeadbyExample, #InnovateWithPurpose, #PassionForPrivacy, #GiveBack and #ComeAsYouAre. They show what we believe in and how we work. They help make our team special and guide us in everything we do. They're the heart of our company and inspire us to do our best every day.
We strive to create a diverse, equitable, and inclusive environment (DEI) where everyone feels valued, respected, and empowered to reach their full potential. We believe that our different backgrounds, experiences, and perspectives are our greatest strengths — so we are committed to building with them as we foster innovation and drive our success.
We recognize that this is an ongoing journey. We commit to listening and to continuous learning, growth, and improvement. By embracing DEI principles, we will create a more just and equitable society, and we are proud to play our part in making this vision a reality.
We are #BetterTogether.