Governance Manager (m/f/d)

You control the role & rights management (IAM) end-to-end: company-wide authorization concept according to lease privileges, quarterly/yearly recertifications as well as the governance for privileged access (PAM) including clean proof management. You develop and operate Identity & Access Governance: IAM policies in Azure AD (including Conditional Access), Joiner-Mover-Leaver processes, MFA enforcement, and monitoring and analysis of authorization anomalies with clear measures and escalations. In addition, you are responsible for the BCM and Disaster Recovery Organisation: Creation and maintenance of BCM plans and DR concepts (RTO/RPO), planning and implementation of DR tests, crisis exercises, emergency manuals and practical escalation paths. You shape the policy and policy lifecycle: creation, review and rollout of IT/OT/digital policies, structured exception handling (including documentation and decision templates) as well as implementation of compliance training and awareness formats. In addition, you are responsible for audit readiness and transparent risk reporting: preparing internal/external audits, building and maintaining control documentation, developing the risk register as well as regular reporting to governance board and CISO (including status, finding, measures, risks). You are driving zero-trust and supply chain security ahead: participation in the implementation of zero-trust principles (Never Trust, Always Verify) incl. Network Segmentation Policies and coordination with IT-Security/CISO, also Vendor Risk Assessments, SBOM for critical systems and supplier compliance testing – incl. Keeping measures.

You have a completed study of (economic) informatics, IT security, risk management or a comparable qualification with detectable practice in IT governance and compliance. You bring at least 5 years of relevant professional experience in IT governance, information security, compliance or risk management – ideally in corporate-critical or regulated environments (e.g. KRITIS, energy, infrastructure). In addition, you have extensive expertise in Identity & Access Management (IAM, PAM, RBAC, Recertification Processes, Permission Concepts) and Business Continuity Management incl. DR planning, testing, crisis management and RTO/RPO. You have very good knowledge of regulatory requirements such as NIS2, GDPR, ISO 27001, KRITIS and ideally first contact points with the EU AI Act. You are experienced in audit-readiness, control documentation and risk reporting and work safely with risk registers, audit proofs and governance reports. You have advanced knowledge in zero-trust architectures, OT/SCADA security as well as IT/OT convergence and know common GRC, IAM and PAM tools (e.g. Azure AD, CyberArk, GRC platforms). You communicate safely in German and fluent in English, work structured, analytically and bindingly, bringing enforcement and organisational strength into complex stakeholder settings.

Flexibility & Work-Life Balance Holiday: Take your time to shut down - we have 30 days of holiday available. Workation: You want to combine travel and work? Up to 4 weeks a year, you can work from outside the EU. Flexible work: office or home office? Depending on the activity, you decide with us what fits best. Finance & Future Occupational pensions: We support you in providing care for tomorrow, with grants for retirement. KiTa grant: Your family is important to us: we participate in the costs of childcare. JobRad: Sustainable mobile: Use your bike privately and environmentally friendly. Education and development Training budget: Whether professional or personal – we promote your development with a generous budget. Language courses: Improve your business English or learn a new language - flexible and practical. Health & team spirit Fitness offers: Stay fit with our WellHub cooperation - access to numerous gyms & online offers. Health management: We focus on prevention: occupational health management and accident insurance for all. Team events: Whether summer festival, team workshops or small after-work events - we celebrate success together. Company Benefits Success bonus: As a recognition for your contribution you receive a bonus annually. Possibility to participate: Be part of the energy transition and benefit from sustainable investments in wind turbines. .