Senior GRC

About T-Systems:
With around 28,000 employees worldwide and annual revenues of EUR 4.0 billion (2021), T-Systems is one of the leading providers of digital services. The Deutsche Telekom subsidiary is headquartered in Germany and has a presence in Europe as well as in selected core markets and strategic production locations. T-Systems can provide a global production and supply chain to companies operating worldwide.
T-Systems offers integrated end-to-end IT solutions, driving the digital transformation of companies in all industries and the public sector. Focus industries include automotive, manufacturing, logistics and transportation, as well as healthcare and the public sector. T-Systems develops vertical, company-specific software solutions for these sectors.
About the Role:
This hybrid individual contributor role combines Governance, Risk & Compliance (GRC) oversight with IT strategy and delivery for the local TDU (Technology Delivery Unit). Over time, this individual has potential to take over the lead role for TDU IT, while acting as a senior focal point for audit, data privacy, IT security, and health safety & environment related initiatives in alignment with global standards and local requirements.
Core Responsibilities:
GRC / Audit / Security / Health, Safety & Environment (50%)
Audit & Risk Management
Lead and execute internal and external audits in compliance with ISO standards (e.g. ISO9001 and ISO20000), ensuring alignment with both central and local regulatory requirements
Conduct risk assessments and self-assessments; manage corrective and preventive actions
Prepare internal teams and business stakeholders for internal and external audits
Localize and implement global Integrated Management System (IMS) and Quality Management System (QMS) policies
Plan and execute additional audits or assessments as required, including data privacy and process compliance reviews
Information Security Management
Manage internal audits in accordance with ISO standards (e.g. ISO27001), driving continuous improvement across IT security practices
Conduct risk analyses and collaborate with cross-functional teams to mitigate identified risks
Review and tailor Information Security Management System (ISMS) policies for local implementation
Support Business Continuity Planning (BCP), Emergency Crisis Management (ECM), and related testing and documentation
Data Protection & Privacy
Implement and oversee data privacy audits and inspections based on local laws (e.g. PDPA) and global frameworks (e.g. GDPR)
Roll out updates to privacy policies and ensure third-party compliance (e.g. vendors, partners, and customers)
Coordinate with central functions for reporting and implementation of mandated privacy initiatives
Workplace Health, Safety & Environment (HSE)
Lead audits aligned to Environmental Management (e.g. ISO and Occupational Health & Safety (e.g. ISO 45001), including managing post-audit action plans
Adapt and communicate central HSE policies for local implementation
TDU IT Management (50%)
Manage the local TDU IT function, aligning strategic initiatives with the global IT roadmap
Drive end-to-end IT project and program delivery - including solution design, deployment, and governance oversight
Manage IT resources, budgeting, forecasting, and expenditure tracking
Oversee IT asset lifecycle management, ensuring compliance with procurement, licensing, and cybersecurity standards
Involved in digital transformation and local innovation initiatives, including the adoption of emerging technologies
Requirements
Bachelor's degree in Information Technology, Cybersecurity, or a related field
10–15 years of experience in GRC/audit and IT management roles in a multinational environment
Strong knowledge of ISO standards (e.g. 9001, 20000, 27001, 14001/45001) and audit frameworks
Familiar with data protection laws and policies (e.g. GDPR, PDPA)
Hands-on experience in IT solution design, digital transformation, and project/program management
Strong leadership, stakeholder engagement, and communication skills
Experience working across countries and with centralised/global teams
Certification preferred: PMP, ISO Auditor, or equivalent
#J-18808-Ljbffr