Security Process Specialist (PID0635)

This is a remote position.

Security Process Specialist ISRC | PID0635

• Contract / Freelance
  
• Full-time or part-time
  
• Remote with travel readiness required (Germany)
  
• Start: 15/06/2026 (flexible)
  
• Fluent English required (C1+)
  

We are looking for a Security Process Specialist to join the Information Security, Risk and Compliance function of a large internal platform programme. You will not be a hands-on security implementer; instead, you will design, optimise and embed the processes, workflows and governance structures that enable security and compliance to function effectively across the programme.

What you'll be doing

• Assessing existing IS Risk Management, Compliance Management, NFR Management, Architecture Review and Security Operations processes to identify gaps and improvement opportunities
  
• Designing streamlined, pragmatic and scalable processes that balance security and regulatory requirements with operational feasibility
  
• Defining and refining workflows for IS risk identification, assessment, mitigation tracking and reporting
  
• Shaping processes for interpreting and implementing compliance requirements, including internal standards
  
• Establishing structured, repeatable processes for Security Architecture Design Reviews
  
• Consulting on incident response, vulnerability management and Product Release Specification (PRS) sign-off processes
  
• Ensuring secure design principles are reflected in process definitions and review workflows
  
• Actively participating in Organisational Development coalitions to align ISRC processes with the evolving operating model
  
• Supporting programme-wide enablement and knowledge-sharing activities
  

Requirements

What you'll need

• Hands-on exposure to security, risk and compliance processes within a larger organisation
  
• Ability to analyse and improve security-related workflows (risk management, compliance, NFRs, architecture reviews)
  
• Solid understanding of enterprise security and compliance frameworks and their impact on delivery
  
• Experience working with technical teams, architects and GRC stakeholders
  
• Ability to turn compliance or risk requirements into actionable process changes
  
• Experience embedding security and compliance checks into delivery processes
  
• Comfortable facilitating workshops and promoting secure ways of working
  
• Fluent English, spoken and written (C1 minimum)
  

Desirable

• Familiarity with ISO 27001/27005, OWASP ASVS or comparable frameworks
  
• Certification in CISSP, OSCP or OSWA
  
• Strong stakeholder management capability
  

Benefits