Security Process Specialist (PID0635)

This is a remote position.

Security Process Specialist ISRC PID0635

• Contract / Freelance
  
• Full-time or part-time
  
• Remote with travel readiness required (Germany)
  
• Start: 15/06/2026 (flexible)
  
• Fluent English required (C1)
  

We are looking for a Security Process Specialist to join the Information Security Risk and Compliance function of a large internal platform programme. You will not be a hands-on security implementer; instead you will design optimise and embed the processes workflows and governance structures that enable security and compliance to function effectively across the programme.

What youll be doing

• Assessing existing IS Risk Management Compliance Management NFR Management Architecture Review and Security Operations processes to identify gaps and improvement opportunities
  
• Designing streamlined pragmatic and scalable processes that balance security and regulatory requirements with operational feasibility
  
• Defining and refining workflows for IS risk identification assessment mitigation tracking and reporting
  
• Shaping processes for interpreting and implementing compliance requirements including internal standards
  
• Establishing structured repeatable processes for Security Architecture Design Reviews
  
• Consulting on incident response vulnerability management and Product Release Specification (PRS) sign-off processes
  
• Ensuring secure design principles are reflected in process definitions and review workflows
  
• Actively participating in Organisational Development coalitions to align ISRC processes with the evolving operating model
  
• Supporting programme-wide enablement and knowledge-sharing activities
  

Requirements

What youll need

• Hands-on exposure to security risk and compliance processes within a larger organisation
  
• Ability to analyse and improve security-related workflows (risk management compliance NFRs architecture reviews)
  
• Solid understanding of enterprise security and compliance frameworks and their impact on delivery
  
• Experience working with technical teams architects and GRC stakeholders
  
• Ability to turn compliance or risk requirements into actionable process changes
  
• Experience embedding security and compliance checks into delivery processes
  
• Comfortable facilitating workshops and promoting secure ways of working
  
• Fluent English spoken and written (C1 minimum)
  

Desirable

• Familiarity with ISO 27001/27005 OWASP ASVS or comparable frameworks
  
• Certification in CISSP OSCP or OSWA
  
• Strong stakeholder management capability
  

Benefits