NTT Data Business Solutions is an IT services and solutions provider, primarily engaged in implementing and maintaining SAP and other business information systems, IT infrastructure services, information security solutions, business development and project management. We work on projects around the world: almost all countries in Europe, the Middle East, the USA and Africa. We are a strategic partner of the biggest SAP services providers, where we deliver implementation and support services. NTT Data Business Solutions is a part of NTT Data Business Solutions Germany.
We are looking for a dedicated and experienced ISO 27001 Governance Specialist to join our team and support the continuous development and compliance of our information security program. This role plays a key part in ensuring our organization meets the highest standards of security governance, regulatory compliance, and risk management.
Key Responsibilities:
Maintain and enhance the company’s Information Security Management System (ISMS) in alignment with ISO 27001:2022.
Support compliance with regulatory frameworks such as NIS2, GDPR, and DORA where applicable.
Develop, review, and maintain security policies, standards, and procedures.
Coordinate internal and external audits, track nonconformities, and oversee corrective actions.
Conduct and maintain information security risk assessments across business units.
Ensure identified risks are documented, tracked, and mitigated according to company policies.
Support business continuity planning and incident response processes.
Assist in the detection, analysis, and response to security incidents.
Collaborate with IT operations and management on remediation activities and communication.
Perform supplier security assessments and manage due diligence activities.
Support customer security questionnaires, audits, and contract reviews.
Collaborate with development teams to embed security throughout the SDLC.
Support secure coding practices, threat modeling, and security testing activities.
Assist with security reviews of application architecture, design, and code.
Monitor emerging threats, technologies, and regulatory developments.
Recommend enhancements to security controls, monitoring capabilities, and governance processes.
Requirements:
Strong knowledge of ISO 27001:2022 and information security governance.
Experience with regulatory frameworks (GDPR, NIS2, DORA) is an advantage.
Solid understanding of risk management, incident management, and supplier security.
Familiarity with secure development practices and application security is a plus.
Excellent communication skills and the ability to work with cross-functional teams.
Proactive, analytical, and detail-oriented mindset.
Advanced skills in English.
We offer:
To join one of the fastest-growing and successful companies in the field of information technology.
To work in a friendly, motivated, and achievement-oriented team of professionals.
Challenging assignments and career development opportunities.
Competitive remuneration package and social benefit program.
Remote work.
If you are interested in becoming part of our team, please do not hesitate to send us your resume in English. We thank all interested applicants but will only contact the short-listed ones. Please indicate in the “Subject” the position you are applying for. All applications will be treated with strict confidentiality.