Data Leakage Prevention - Information Security Specialist - Group Security (f/m/d)

Your area of work:

As part of the Cyber Protection - Detect & Prevent unit, you will act as the Group's senior specialist for Data Leakage Prevention (DLP) governance, with end-to-end accountability for the DLP governance framework and the effective delivery of the DLP service. The role focuses on policy and rule-setting, governance oversight, risk management, and assurance, while also ensuring that the DLP service is reliably operated, performance-managed, and continuously improved through close coordination with IT delivery teams and business stakeholders. Technical implementation is executed by dedicated operational teams; this role is responsible for direction, oversight, and service outcomes.

Your responsibilities:

• Define, maintain, and evolve DLP governance requirements, internal security policies, and written rules in alignment with the ICT risk framework and regulatory expectations.
• Establish clear requirements for information handling, classification, data transfer, endpoint usage, and media protection etc.
• Ensure governance documentation is clear, consistent, risk based, and fit for practical adoption across the organisation.
• Define and oversee the DLP control framework, including mandatory controls, criteria, and governance expectations.
• Ensure clear accountability across governance, operational, and delivery functions, with appropriate separation of duties.
• Monitor adherence to DLP requirements and support corrective actions where gaps are identified.
• Support responsible teams with data leakage risk assessments, deviations, and exception handling, advising stakeholders on risk implications and mitigation options.
• Assess the impact of regulatory, organisational, or technology changes on DLP governance and service obligations.
• Manage audit and assurance activities by providing governance evidence, expert input, and remediation oversight.
• Act as the governance owner of the enterprise DLP service, ensuring it is delivered in line with defined policies, risk expectations, and service objectives.
• Oversee service performance, operational stability, and lifecycle evolution, including monitoring and reporting on KPIs, SLAs, and recurring issues.
• Coordinate incidents, changes, and improvement initiatives with responsible delivery teams to ensure timely resolution and risk aligned outcomes.
• Drive continuous improvement of the DLP service to enhance effectiveness, efficiency, and user experience.
• Serve as the primary point of contact for DLP related governance and service matters for business units, IT, and risk stakeholders.
• Provide expert guidance on DLP requirements, service capabilities, and acceptable data handling practices.
• Support projects, new solutions, and organisational changes by advising on DLP governance and service implications.

Your profile:

• Bachelor's or Master's degree in Cybersecurity, Information Security, IT, Risk Management, or a related discipline.
• Experience in information security governance, data protection, or risk management within a regulated or complex environment.
• Solid understanding of Data Leakage Prevention principles, including information handling, classification, secure data transfer, email and endpoint controls.
• Experience in information security governance, data protection, or risk management within a regulated environment, including practical application of requirements arising from GDPR, DORA, and related industry standard frameworks such as ISO/IEC 27001, NIST
• Strong analytical, documentation, and stakeholder management skills.
• Ability to translate governance requirements into practical, business aligned rules and service expectations.
• Proficiency in English; German language skills are an advantage.
• High degree of ownership, adaptability, and a proactive, quality driven mindset.