
Senior IT Compliance Manager (all genders)

Berlin, Berlin, Germany

About The Company
GROPYUS creates sustainable, affordable, and aspirational buildings for everyone through modular construction and setting a new standard in smart living.

About the Role:

The Senior IT Compliance Manager is responsible for ensuring that the organization’s IT systems and processes comply with regulatory requirements and internal policies. This role involves developing, implementing, and maintaining IT compliance programs, conducting risk assessments, and providing guidance on compliance matters to senior management and other stakeholders. The role also requires a strong technical background in software development and cloud technologies. 

What you'll be doing:

  • Create and manage IT, information security, and business continuity compliance programs to ensure adherence to regulatory requirements such as GDPR and other applicable laws and regulations.
  • Conduct regular risk assessments and develop mitigation strategies to address identified risks. 
  • Draft, modify, and implement IT policies and IT relevant processes and procedures to ensure compliance with legal and regulatory standards. 
  • Coordinate and conduct internal audits to monitor compliance with IT policies and procedures. Act as the primary point of contact for external audits. 
  • Develop and deliver training programs to educate employees on IT compliance requirements and best practices. 
  • Prepare and present compliance reports to senior management and regulatory bodies as required. 
  • Work closely with IT, legal, and business teams to ensure compliance requirements are integrated into business processes and IT systems. 
  • Oversee compliance for cloud-based systems and services, ensuring that cloud deployments adhere to regulatory requirements and internal policies. 
  • Conduct IT risk assessments for business teams and closely follow up on risk mitigations.

What you bring:

  • In-depth understanding of compliance frameworks such as ISO 27001 and NIST 800; knowledge of other frameworks and regulations such as BSI 200, NIS2, etc. is good to have.
  • Proficiency in information security and IT systems, sufficient to understand the technical designs of systems.
  • Experience with cloud platforms such as AWS, Azure, or Google Cloud, including knowledge of cloud security and compliance best practices. 
  • Strong skills in risk assessment, control frameworks, and process improvement models. 
  • Experience with compliance and audit tools, such as GRC (Governance, Risk, and Compliance) software. 
  • Relevant certifications such as ISO/IEC 27001, CISA, CISM or similar. 
  • Ability to analyze complex IT processes and identify compliance risks and improvement opportunities. 
  • Excellent written and verbal communication skills to articulate compliance requirements and findings to both technical and non-technical audiences.  

Qualifications: 

  • Bachelor’s or Master’s degree in Information Systems, Business Administration, or a related field.
  • Minimum of 4-8 years of experience in IT compliance, with a focus on managing compliance programs and conducting audits. 
  • Professional certifications in compliance and IT security are highly desirable. 

What We Offer

  • An unlimited contract with 28 vacation days.  
  • Flexible, hybrid work: You can work from home or come into the office on the schedule that works best for you. Feel like traveling and working from another location? No problem. Tune into meetings and work from abroad for up to 40 days per year. In addition, flex hours allow you to prioritize important moments in your day.  
  • Attractive perks and benefits: We offer a company pension scheme, language courses (English/German), and employee discounts with selected sustainable brands. Furthermore, our external partners in mental health support you in strengthening your mental health through anonymous private/group sessions.   
  • Virtual Shares Program: Participate in the success of GROPYUS through our Virtual Share Program.  
  • Ownership: You can truly make your mark with your work and contributions – on all our organizational levels. Find your solutions, drive and test them.
  • The chance to be part of something big: Our mission is to rethink an entire industry. Join us in reinventing construction and fostering sustainable, affordable living.   
  • A diverse and enriching work environment: Become a valued member of a wonderfully diverse team of individuals from over 50 countries. At GROPYUS we value inclusion above all, ensuring that everyone feels they belong – no matter their background. In this way, our differences become strengths that help us grow as a team. 

Join us on our mission to design buildings as continuously evolving products to create the most exciting and affordable experience for all. We build for people and conserve the resources of our planet.

We can't wait to get to know you. 
For more information, visit our website, and if you have any questions, please reach out to us via email.


The company of the GROPYUS Group to which you specifically apply is responsible for data processing in the job application process. GROPYUS AG is responsible for the processing of data in the context of initiative applications or job postings without specification of a particular company of the GROPYUS Group. You can reach the company responsible in each case by post at the address given in the job posting. 

(i) The purpose of data processing is the selection of job applicants for employment. We also use anonymized data for statistical evaluations. A change of purpose is not planned. 

(ii) The processed data are name, contact data, communication details, login data on the Job Board (if applicable), interview notes, job application documents including certificates and curriculum vitae, the time stamp of communication, as well as technical metadata of communication. 

(iii) The legal basis is Article 6 (1) (b) (initiation of the employment contract) in conjunction with Article 88 GDPR and the national regulations on employee data protection at the headquarters of the GROPYUS Group company to which you are applying. If we transfer your application documents to other affiliated companies, the legal basis for this is Article 6 (1) (f) GDPR (legitimate interest in group-internal job applicant management). If we are currently unable to offer you a position, but your application is suitable for other positions in the future, and you do not object to further storage, the legal basis for further storage is Article 6 (1) (f) GDPR (legitimate interest in retaining suitable job applications). 

(iv) The job application data will be transferred internally to the responsible employees in charge of the decision-making. In this context, the data may also be passed on to other affiliated companies of the GROPYUS Group, provided that you do not object to such transfer. We also use service providers as processors within the framework of a data processing agreement for the provision of services, especially for the provision, maintenance, and servicing of IT systems. 

(v) Application data is deleted six months after the end of the specific application process. If job applicants are also considered for future positions and do not object to further storage of their data, the data will remain stored for up to 12 months after the end of the job application process. 

(vi) The provision of personal data is necessary for the examination of the job application and, if applicable, the subsequent conclusion of an employment contract. A job application cannot be considered without the provision of personal data.