Audit & Compliance Ownership

• Lead and manage all cybersecurity audits, including ISO 27001 and TISAX assessments

• Own audit readiness including control validation, evidence collection, and auditor coordination

• Act as the primary owner for customer, OEM, and third-party security questionnaires

• Track audit findings, assign remediation actions, and ensure timely closure

• Maintain audit artifacts and ensure continuous compliance posture

• Partner with IT and business teams to ensure controls are implemented and operating effectively

Policy & Governance Management

• Own and maintain all IT and information security policies, standards, and procedures

• Align policies with ISO 27001 Annex A and TISAX requirements

• Ensure policies are practical, enforceable, and aligned to business operations

• Drive policy lifecycle including creation, review, approval, and updates

• Support development and ongoing maturity of CSP’s ISMS

Security Engineering & Operations

• Implement and maintain security controls across identity, endpoints, and Microsoft 365

• Administer and secure Microsoft Entra ID (Azure AD) and Active Directory

• Enforce least privilege access, MFA, Conditional Access, and identity governance

• Manage Microsoft Defender suite across endpoint, identity, and Office 365

• Support incident detection, investigation, and response

Endpoint & M365 Security

• Secure Microsoft 365 (Exchange, SharePoint, Teams, OneDrive)

• Manage device compliance using Intune and endpoint management tools

• Monitor environment for threats and respond to alerts

• Implement hardening standards and baseline configurations

Plant & Physical Security Systems

• Support and standardize security controls across manufacturing plant environments

• Engineer and support badge access control, video surveillance, and door systems

• Partner with plant IT and facilities to maintain physical security systems

• Ensure alignment of physical security with audit and compliance requirements

Monitoring, Risk & Continuous Improvement

• Support vulnerability management and remediation tracking

• Conduct risk assessments and gap analyses

• Identify opportunities to improve security posture through automation and tooling

• Maintain documentation to support audit readiness and operational excellence

Qualifications

Required

• 5–8+ years of experience in cybersecurity, security engineering, or IT security

• Proven experience managing or supporting ISO 27001, TISAX, or similar audits

• Hands-on experience completing security questionnaires and audit evidence collection

• Strong experience writing and maintaining IT/security policies

• Technical expertise in Microsoft 365 Security, Entra ID, and endpoint protection platforms

• Experience working in multi-site or manufacturing environments preferred

• Strong analytical, documentation, and communication skills

Preferred

• Certifications such as CISSP, CISM, Security+, AZ-500, or SC-200

• Experience with Microsoft Sentinel or other SIEM platforms

• Familiarity with ISMS lifecycle and risk management frameworks

• Experience supporting automotive/OEM customer security requirements

• Exposure to manufacturing systems such as QAD