As Enterprise Security Officer, you support the development and continuous improvement of the company-wide security framework across cyber, physical, and people security domains.
You act as a subject-matter expert in security governance, translating external regulations and standards (e.g., ISO 27001, NIS2, ABRO/defense requirements) into practical policies, control frameworks, and implementation guidance for the organization.
Working closely with Product Teams, Business Process Owners, IT Security, Facility/Physical Security, and HR, you help embed security controls into business processes and ensure a consistent and auditable approach across the organization.
You are positioned within the Risk & Business Assurance function as part of the second line of responsibility. In this role, you focus on governance, frameworks, and oversight, while supporting and challenging the first line in the effective implementation of security controls.
Key Responsibilities
Enterprise security framework & governance
Support the development and continuous improvement of the Enterprise Security Framework, covering Cyber Security, Physical Security, and People Security
Develop and maintain security policies, standards, and control frameworks aligned with applicable regulations and business requirements
Translate regulatory requirements (e.g., defense, critical infrastructure, customer-specific) into structured and implementable control sets and templates
Contribute to the integration of security within the broader Risk & Business Assurance and Management System landscape
Regulatory Compliance & Assurance
Identify, interpret, and monitor applicable security regulations and standards (e.g., ISO 27001, NIS2, defense frameworks such as ABRO)
Support organizational readiness for external audits, certifications, and customer security assessments
Help define and maintain security assurance mechanisms, including internal audits, control testing, and compliance monitoring
Prepare reporting on security posture, risks, and compliance status, and support communication to Management Team and governance bodies
Security in high-sensitive programs
Ensure security requirements for defense and high-sensitivity projects are defined and implemented (e.g., project-specific security plans)
Translate enterprise security into project-level controls and templates
Interface with external authorities and customers on security compliance when required
Business Integration & Process Deployment
Partner with Business Process Owners to embed security controls into end-to-end business processes (R&D, manufacturing, service, supply chain)
Drive adoption and consistent implementation of security policies and controls across the organization
Translate enterprise-level security requirements into operational procedures and work instructions
Ensure security-by-design principles are integrated into new initiatives, products, and projects