Cf- It Security And Compliance Engineer- Building Management (M/F/D) (Bum)
hace 14 horas
Málaga
CF- IT Security and Compliance Engineer- Building Management (m/f/d) (BUM) For REWE digital Spain, a subsidiary of the REWE Group located in Málaga, we are looking for an IT Security & Compliance Engineer (m/f/d) to strengthen our Building Management product team. As the central solution provider for information and telecommunications systems, REWE digital plans, develops, and operates digital solutions for one of the leading retail and tourism groups in Europe. Your Home of IT is our Building Management (BUM) product within the Corporate Functions (CF) domain and the Digital Office IT (DOIT) organization. The Building Management product supports a diverse portfolio of digital solutions that are essential for planning, constructing, operating, maintaining, and securing REWE Group facilities. These include building and maintenance management platforms, construction planning tools, room and workplace booking solutions, package tracking systems, and physical security solutions such as access control, video surveillance, and intrusion detection systems. As our IT Security & Compliance Engineer, you will act as the central point of contact for security, compliance, and governance topics across this application landscape. You will coordinate security measures with software vendors, infrastructure teams, security managers, and business stakeholders while ensuring that all relevant security controls and compliance requirements are implemented and maintained. What you will do Act as the primary contact for IT Security, Compliance, and Internal Control System (IKS) topics within the Building Management product. Coordinate security-related activities across a broad application and infrastructure landscape. Ensure compliance with internal security policies, governance requirements, and audit obligations. Translate security requirements into implementation plans and coordinate their execution with vendors and infrastructure teams. Drive and monitor the implementation of security measures such as: Patch and Vulnerability Management Firewall Rule Management Secure Communication and Encryption Standards Identity and Access Management (IAM) Security Hardening Measures Define, maintain, and continuously improve authorization concepts and permission models. Coordinate access reviews, user recertifications, and entitlement audits. Perform risk assessments, protection requirement analyses, and security evaluations. Review vulnerability reports, assess findings, derive mitigation plans, and coordinate remediation activities. Support security audits and ensure timely implementation of corrective actions. Maintain security documentation, audit evidence, and compliance records. Coordinate and track security measures through Jira, service management tools, and governance processes. Act as the interface between business stakeholders, software manufacturers, infrastructure specialists, security teams, and external partners. Support vendor management activities from a security and compliance perspective. Contribute to the continuous improvement of governance, compliance, and security processes within the Building Management landscape. What you will bring First and foremost, your personality: You enjoy coordinating complex topics, connecting different stakeholders, and driving sustainable solutions. You are interested in cybersecurity and governance topics, communicate confidently with technical and non-technical audiences, and take ownership of security-related challenges. At least 3 years of professional experience in IT Security, Security Governance, Compliance, Risk Management, Application Security, Infrastructure Security, or a comparable field. Experience coordinating security activities across multiple applications, stakeholders, and vendors. Good understanding of common IT security controls and security best practices. Experience with Identity & Access Management, authorization concepts, and user lifecycle processes. Experience with vulnerability management, security assessments, and risk evaluations. Experience supporting audits, compliance initiatives, or internal control systems. Ability to coordinate implementation activities with software vendors and technical infrastructure teams. Understanding of server, database, network, and cloud-based environments. Strong analytical, organizational, and communication skills. Ability to work independently after onboarding while collaborating effectively within an international team. Professional English language skills (required). German language skills are a strong plus. Experience with Jira and Confluence is desirable. Nice to have Experience with ISO 27001, NIS2, BSI-related frameworks, or comparable security standards. Experience working with Internal Control Systems (IKS). Knowledge of Saa S governance and third-party risk management. Experience with enterprise application security. Understanding of security requirements in retail, logistics, facility management, or corporate environments. Security certifications such as: Comp TIA Security+ CISSP CISM ISO 27001-related certifications What we offer Astartup-like culture combined with the stability and strength of the REWEGroup. Theopportunity to take ownership of security and compliance activities for adiverse and business-critical application landscape. Closecollaboration with experienced security experts, infrastructure specialists, architects, and software vendors. Aninternational and collaborative work environment with colleagues in Germany and Spain. Flexibleworking hours and a hybrid working model. Privatemedical insurance benefits. Ticket Restaurant. Professionaldevelopment opportunities including technical training and language courses. Day offon your birthday. 25daysof paid vacation. Opencommunication culture and the opportunity to shape security processes across a growing international organization. Security and compliance are essential foundations forreliable digital business processes. In this role, you will become the centralsecurity coordinator for a broad portfolio of applications supportingconstruction, facility management, workplace services, logistics, and physicalsecurity within the REWE Group. You will work at the intersection of applicationsecurity, infrastructure security, governance, compliance, and stakeholdermanagement. Rather than operating a single technology, you will ensure thatsecurity requirements are successfully implemented across a diverse ecosystemof applications, vendors, and infrastructure environments. By coordinating security initiatives, reducingvulnerabilities, driving compliance activities, and supporting audits, you willmake a tangible contribution to the resilience and security of REWE Group's Building Management landscape. Apply now in English and become part of REWE digital Spain's growing technology organization. #J-18808-Ljbffr