About NIO
NIO Inc. is a pioneer and a leading manufacturer of premium smart electric vehicles in China. Founded in November 2014, NIO designs, develops, jointly manufactures and sells premium smart electric vehicles, driving innovations in next-generation technologies in autonomous driving, digital technologies, electric powertrains and batteries. NIO is committed to a more environmentally friendly future in which improved smart electric car technologies, coupled with a better car ownership experience, will drive increased appreciation and adoption of smart electric cars, leading to a more sustainable future for the planet.
For our Information Security Team in Munich we are looking for an
Information Security Analyst - Risk Governance and Compliance Assurance (m/f/d)
Responsibilities
* Plan, implement, and maintain the organization’s compliance assurance program, following industry security standards such as ISO 27001 and TiSAX and EU and local regulations such as NIS2 and GDPR.
* Collaborate with cross-functional teams to integrate security compliance requirements into business processes and IT systems.
* Coordinate and manage the certification audit process for ISO 27001, TiSAX and other industry standards, including internal training, pre-assessment, on-site assessment, preparation of the necessary evidence, answering questions and addressing audit concerns, interfacing with external auditors, management of open issues and findings, audit report review, etc.
* Provide expert guidance and training to staff on external regulation policy, internal information security policies, procedures, and industry best practices.
* Communicate and report any open gaps or issues clearly and effectively to both technical and non-technical stakeholders, providing risk control guidance and support throughout the compliance management journey.
* Continuously drive the compliance improvement process.
Qualifications
* 3+ years of experience in information security assurance program management, internal security audit and external certification program management.
* Strong understanding of EU regulatory policy and security standard requirements in the areas of cyber security and data security, such as GDPR and NIS2.
* Proven working experience in adopting and implementing industry standard-based security controls, such as ISO 27001, TiSAX, local security policies and regulations, etc. ISO 27001 Lead Auditor, CISA or CISM certifications are highly desirable.
* Excellent project management skills, with the ability to manage multiple compliance projects simultaneously.
* Experience in conducting audits and assessments, including the preparation and review of audit documentation.
* Strong written and verbal communication with the ability to converse effectively at all levels of seniority, both internally and externally. Proven success of communicating effectively in English.
* Excellent problem-solving skills and attention to detail. Strong analytical and organizational skills.
* Ability to work independently, as well as part of a wider team.
Nice to have
* Extensive experience in compliance management and industry certifications, general subject knowledge of cyber security and data security, and project management experience are preferred.
This isn’t just another job. It’s an opportunity to join a movement to change the mobility experience for everyone. If you find that as exciting as we do, come join us!
To apply for this role please send your CV in English.
We are a global organization with talents in Security across the globe. Come join us today and be a part of NIO’s exciting journey and growth.
We look forward to hearing from you!
NIO, as a Global User Enterprise, has organized its business globally. Depending on the job you are applying for, it may be necessary to involve hiring managers outside the European Economic Area (EEA) who are engaged at another NIO group company, such as NIO Co., Ltd located in Shanghai, China, or NIO USA Inc, Palo Alto, USA. If data is processed in countries outside the EEA, NIO uses the standard contractual clauses published by the European Commission, together with appropriate technical and organizational measures, to ensure that your personal data is processed in accordance with European data protection standards.