About the position
About Us
SUSE is a global leader of enterprise open source software. By transforming community innovations into secure, sovereign and AI-ready solutions, SUSE empowers customers to escape vendor lock-in and regain control of their IT destiny. Through industry-leading Linux, Kubernetes, Edge and AI infrastructure solutions, SUSE delivers the flexibility to innovate everywhere—from the data center to multi-cloud and out to the edge. Only SUSE also manages many Linux and Kubernetes distributions. At SUSE, Choice Happens because we prioritize community, interoperability and relentless innovation. Discover how we power mission-critical resilience at www.suse.com.
What you will do
- Cybersecurity GRC Governance & Policies: Develop, maintain and support implementation of SUSE ISMS policies, procedures and standards, working with control owners and accountable functions to ensure requirements are understood, implemented and evidenced.
- Technical Control Management: Ensure governance policies are effectively translated into technical controls, driving continuous improvement in this area.
- Risk Management Compliance & Frameworks: Oversee control and evidence collection management for key compliance frameworks, notably ISO/IEC 27001, SOC 2, NIS2, BSIG, and DORA. Familiarity with Common Criteria certification concepts and assurance requirements, including EAL4+ or comparable certification expectations, is an advantage.
- Audit Facilitation: Coordinate and lead internal and external security audits. Serve as the primary point of contact for external auditors and track remediation plans for any identified gaps.
- Security Awareness: Design and deliver security awareness initiatives to promote a culture of compliance.
- GRC Engineering: Define and improve GRC and AI governance workflows, evidence models, dashboards and automation requirements. Partner with the Cybersecurity GRC Engineer to implement, configure and maintain tooling, integrations and automated workflows.
- GRC Platform Management: Maintain, configure, and optimize the GRC platform.
- AI Management System: Operationalize and maintain SUSE’s AI Management System in alignment with ISO/IEC 42001.
- Regulatory Compliance: In cooperation with the legal department, monitor and implement compliance of internal AI adoption, AI-enabled business processes, AI-enabled engineering workflows, and AI-enabled or AI-related products with the EU AI Act and other relevant global AI regulations.
- AI Risk & Threat Modelling
Who we are looking for
- Experience: 5+ years in Cybersecurity GRC and 3+ in AI Governance or a related field.
- Regulatory & Standard Expertise: Deep knowledge of ISO/IEC 27001, ISO 42001 and SOC 2 frameworks. Comprehensive knowledge of current EU cybersecurity regulations (NIS2, CRA, DORA, EU AI Act).
- Audit Experience: Experience managing end-to-end audit lifecycles.
- AI Management Knowledge: Demonstrated understanding of AI concepts and the operational risks associated with deploying AI technologies in an enterprise environment.
- Technical Proficiency: Ability to collaborate effectively with Engineering, Security Operations and Security Architect teams.
- Communication: Clear communication skills. Experience leading cross-functional initiatives across different technical/compliance teams is an advantage.
- AI Efficiency: Demonstrated ability to effectively leverage and integrate AI tools into daily workflows.
- Open Source Knowledge: Familiarity with open-source software is an advantage.
- Cybersecurity Certifications are an advantage.