
Senior IT Compliance Manager (all genders)

Berlin, Berlin, Germany

About The Company
GROPYUS creates sustainable, affordable, and aspirational buildings for everyone through modular construction and setting a new standard in smart living.

About the Role:

The Senior IT Compliance Manager is responsible for ensuring that the organization’s IT systems and processes comply with regulatory requirements and internal policies. This role involves developing, implementing, and maintaining IT compliance programs, conducting risk assessments, and providing guidance on compliance matters to senior management and other stakeholders. The role also requires a strong technical background in software development and cloud technologies. 

What you'll be doing:

  • Create and manage IT, information security, and business continuity compliance programs to ensure adherence to regulatory requirements such as GDPR and other applicable laws and regulations.
  • Conduct regular risk assessments and develop mitigation strategies to address identified risks. 
  • Draft, modify, and implement IT policies and IT relevant processes and procedures to ensure compliance with legal and regulatory standards. 
  • Coordinate and conduct internal audits to monitor compliance with IT policies and procedures. Act as the primary point of contact for external audits. 
  • Develop and deliver training programs to educate employees on IT compliance requirements and best practices. 
  • Prepare and present compliance reports to senior management and regulatory bodies as required. 
  • Work closely with IT, legal, and business teams to ensure compliance requirements are integrated into business processes and IT systems. 
  • Oversee compliance for cloud-based systems and services, ensuring that cloud deployments adhere to regulatory requirements and internal policies. 
  • Conduct IT risk assessments for business teams and closely follow up on risk mitigations.

What you bring:

  • In-depth understanding of compliance frameworks such as ISO 27001 and NIST 800; knowledge of other frameworks and regulations such as BSI 200, NIS2, etc. is good to have.
  • Proficiency in information security and IT systems, sufficient to understand the technical designs of systems.
  • Experience with cloud platforms such as AWS, Azure, or Google Cloud, including knowledge of cloud security and compliance best practices. 
  • Strong skills in risk assessment, control frameworks, and process improvement models. 
  • Experience with compliance and audit tools, such as GRC (Governance, Risk, and Compliance) software. 
  • Relevant certifications such as ISO/IEC 27001, CISA, CISM or similar. 
  • Ability to analyze complex IT processes and identify compliance risks and improvement opportunities. 
  • Excellent written and verbal communication skills to articulate compliance requirements and findings to both technical and non-technical audiences.  

Qualifications: 

  • Bachelor’s or Master’s degree in Information Systems, Business Administration, or a related field.
  • Minimum of 4-8 years of experience in IT compliance, with a focus on managing compliance programs and conducting audits. 
  • Professional certifications in compliance and IT security are highly desirable. 

What We Offer

  • Be part of something big: You’re here to make a change? Come on board. At GROPYUS, we are on a mission to re-think an entire industry. Join us in reinventing construction and sustainable, affordable living. 
  • It’s on you: We offer a tremendous amount of ownership and room to make a mark - at all our organization levels. Find your solutions, drive and test them.
  • Focus on results: You choose if you work from home, a park, or the office. Whether you start your day early, after your run, or pick up on work when your kids are in bed. What counts is your contribution and delivery.
  • Bring your uniqueness to the team: Innovation requires diversity of thought. Diversity in background, experience and thinking is crucial to create the best product for everyone. We actively seek diversity and strive to unlock each other’s full potential. We are very proud that people from all industries and all walks of life are joining our company: in addition to core areas such as construction, engineering, and start-ups, they come from stock-listed companies across automotive, e-commerce, digital, sporting goods, and more. You will work in international teams with passionate colleagues. Inspire and be inspired.
  • Be an owner: Participate in the success of GROPYUS through stock options.


Join us on our mission to design buildings as continuously evolving products to create the most exciting and affordable experience for all. We build for people and conserve the resources of our planet.

We can't wait to get to know you. 
For more information, visit our website, and if you have any questions, please reach out to us via email.



The company of the GROPYUS Group to which you specifically apply is responsible for data processing in the job application process. GROPYUS AG is responsible for the processing of data in the context of initiative applications or job postings without specification of a particular company of the GROPYUS Group. You can reach the company responsible in each case by post at the address given in the job posting. 

(i) The purpose of data processing is the selection of job applicants for employment. We also use anonymized data for statistical evaluations. A change of purpose is not planned. 

(ii) The processed data are name, contact data, communication details, login data on the Job Board (if applicable), interview notes, job application documents including certificates and curriculum vitae, the time stamp of communication, as well as technical metadata of communication. 

(iii) The legal basis is Article 6 (1) (b) (initiation of the employment contract) in conjunction with Article 88 GDPR and the national regulations on employee data protection at the headquarters of the GROPYUS Group company to which you are applying. If we transfer your application documents to other affiliated companies, the legal basis for this is Article 6 (1) (f) GDPR (legitimate interest in group-internal job applicant management). If we are currently unable to offer you a position, but your application is suitable for other positions in the future, and you do not object to further storage, the legal basis for further storage is Article 6 (1) (f) GDPR (legitimate interest in retaining suitable job applications). 

(iv) The job application data will be transferred internally to the responsible employees in charge of the decision-making. In this context, the data may also be passed on to other affiliated companies of the GROPYUS Group, provided that you do not object to such transfer. We also use service providers as processors within the framework of a data processing agreement for the provision of services, especially for the provision, maintenance, and servicing of IT systems. 

(v) Application data is deleted six months after the end of the specific application process. If job applicants are also considered for future positions and do not object to further storage of their data, the data will remain stored for up to 12 months after the end of the job application process. 

(vi) The provision of personal data is necessary for the examination of the job application and, if applicable, the subsequent conclusion of an employment contract. A job application cannot be considered without the provision of personal data.