IT Security – Governance, Risk & Compliance Manager (all genders)

Job Description

Roland Berger is one of the world's leading strategy consultancies with a wide-ranging service portfolio for all relevant industries and business functions. We cherish different perspectives and approaches and count on the diversity and authenticity of our employees. Driven by our values of entrepreneurship, excellence, and empathy, we at Roland Berger are convinced that business and society need a new sustainable paradigm that takes the entire value cycle into account. Our cross-competence teams work with our clients to successfully address the challenges of our time, today and tomorrow, across all industries and business functions. If you like to take the initiative and make a difference as part of a team, Roland Berger is the right place for you.


As Security GRC Manager (all genders) you are part of Roland Berger's powerful and global IT security team. Together with highly motivated colleagues you can contribute significantly to the security of our IT environment, assets and intellectual property.

  • Lead security governance, risk, and compliance (GRC) efforts related to data loss prevention (DLP), eDiscovery, and information governance within an Azure-centric infrastructure.
  • Define and manage compliance roadmaps, ensuring alignment with standards such as ISO 27001, NIS2, and GDPR.
  • Support internal stakeholders in maintaining audit readiness and overseeing the implementation of Microsoft Purview, DLP policies, and other M365 security controls.
  • Collaborate with legal and GRCD teams on eDiscovery and regulatory response workflows.
  • Provide expert input into customer RFPs and due diligence questionnaires, ensuring alignment with current compliance postures and security controls.
  • Assist in maturing security policies, procedures, and documentation aligned with Azure and Microsoft 365 technologies.

  • Proven experience in GRC, information security, or IT compliance roles with a hands-on mentality.
  • Strong understanding of Microsoft Purview, Azure Information Protection, and M365 DLP / eDiscovery features or experience with similar tools and environments.
  • Experience managing or contributing to ISO 27001 or Cyber Essentials certification programs.
  • Excellent writing and communication skills, especially in responding to security questionnaires and RFPs.
  • Strong knowledge of data privacy regulations (GDPR, CCPA) and risk assessment methodologies.
  • Ability to work cross-functionally with technical, legal, and business stakeholders.
  • Certifications such as CISA, CISM, ISO 27001 Lead Implementer / Auditor, or Microsoft Security certifications are a strong plus.

  • Dynamic international work environment with a high degree of professionalism and a steep learning curve
  • Modern offices with daily fresh fruit, cereals as well as free hot and cold drinks; canteen or food voucher (depending on location)
  • 30 days vacation, flexible working hours, part-time models as well as sabbatical options
  • Modern IT infrastructure, laptop and company cell phone also for private use
  • Offers of direct insurance, co-financing of company pension scheme, accident insurance, health insurance abroad
  • Extensive seminar program as well as individual training and coaching measures as required
  • Various fellowship programs for personal and professional development
  • Berger Bike Program
  • PME family service (including support in finding child or senior care)
  • Employee parking spaces
  • Relaxed team atmosphere with regular events and sports initiatives