Interim Cybersecurity GRC Manager needed at SUSE
Job title: Interim Cybersecurity GRC Manager
Job Location: South Africa
Deadline: February 10, 2025
Responsibilities:
- Strategic Leadership: Oversee the strategic direction, design, and execution of SUSE’s information security management system (ISMS) processes, ensuring alignment with ISO 27001 and a strong focus on Governance, Risk & Compliance (GRC) principles.
- Stakeholder Engagement: Lead collaborations with senior stakeholders across SUSE to ensure the integration of security processes that effectively meet business objectives while maintaining compliance with stringent GRC requirements.
- Risk Management Oversight: Supervise the development and implementation of advanced third-party risk management frameworks to enhance the security resilience of SUSE’s supply chain and partner ecosystem.
- Regulatory and Legal Liaison: Act as the primary point of contact for the Head of Privacy, SUSE Data Protection Officer (DPO) and Legal team, driving resolution on complex customer security assessments and high-impact contract negotiations.
- Certification and Compliance Management: Take responsibility for SUSE’s ISO 27001 & ISO 27701 certification processes, ensuring compliance and spearheading continuous improvement initiatives to maintain certification standards.
- Policy and Controls Governance: Lead the creation, revision, and enforcement of comprehensive security policies and procedures, ensuring organizational alignment with industry best practices.
- Risk Assessment Leadership: Direct in-depth risk assessments, develop and approve risk treatment strategies, and ensure the organization’s risk management practices align with defined risk tolerances.
- Security Culture Advancement: Oversee the development and delivery of GRC-focused security awareness and training programs, driving a security-centric culture across the organization.
- Performance Monitoring: Establish and review key performance indicators (KPIs) related to GRC security activities, providing high-level strategic insights and recommendations for continuous improvement.
- Project and Program Management: Lead GRC-related projects and programs, ensuring successful planning, execution, and cross-functional collaboration.
Education and Experience Required:
- Proven Experience: Experience in GRC-focused information security roles, with demonstrated leadership capabilities. Experience with implementing ICT laws in practice.
- Educational Background: University Degree in Law
- Leadership in Project Management: Strong people, project and program management skills.
How to Apply for this Offer
Interested and Qualified candidates should Click here to Apply Now