Data Leakage Prevention - Information Security Specialist - Group Security (f/m/d)

Your area of work:

As part of the Cyber Protection – Detect & Prevent unit, you will act as the Group’s senior specialist for Data Leakage Prevention (DLP) governance, with end‑to‑end accountability for the DLP governance framework and the effective delivery of the DLP service. The role focuses on policy and rule‑setting, governance oversight, risk management, and assurance, while also ensuring that the DLP service is reliably operated, performance‑managed, and continuously improved through close coordination with IT delivery teams and business stakeholders. Technical implementation is executed by dedicated operational teams; this role is responsible for direction, oversight, and service outcomes.

Your responsibilities:

• Define, maintain, and evolve DLP governance requirements, internal security policies, and written rules in alignment with the ICT risk framework and regulatory expectations.
• Establish clear requirements for information handling, classification, data transfer, endpoint usage, and media protection etc.
• Ensure governance documentation is clear, consistent, risk based, and fit for practical adoption across the organisation.
• Define and oversee the DLP control framework, including mandatory controls, criteria, and governance expectations.
• Ensure clear accountability across governance, operational, and delivery functions, with appropriate separation of duties.
• Monitor adherence to DLP requirements and support corrective actions where gaps are identified.
• Support responsible teams with data leakage risk assessments, deviations, and exception handling, advising stakeholders on risk implications and mitigation options.
• Assess the impact of regulatory, organisational, or technology changes on DLP governance and service obligations.
• Manage audit and assurance activities by providing governance evidence, expert input, and remediation oversight.
• Act as the governance owner of the enterprise DLP service, ensuring it is delivered in line with defined policies, risk expectations, and service objectives.
• Oversee service performance, operational stability, and lifecycle evolution, including monitoring and reporting on KPIs, SLAs, and recurring issues.
• Coordinate incidents, changes, and improvement initiatives with responsible delivery teams to ensure timely resolution and risk aligned outcomes.
• Drive continuous improvement of the DLP service to enhance effectiveness, efficiency, and user experience.
• Serve as the primary point of contact for DLP related governance and service matters for business units, IT, and risk stakeholders.
• Provide expert guidance on DLP requirements, service capabilities, and acceptable data handling practices.
• Support projects, new solutions, and organisational changes by advising on DLP governance and service implications.

Your profile:

• Bachelor’s or Master’s degree in Cybersecurity, Information Security, IT, Risk Management, or a related discipline.
• Experience in information security governance, data protection, or risk management within a regulated or complex environment.
• Solid understanding of Data Leakage Prevention principles, including information handling, classification, secure data transfer, email and endpoint controls.
• Experience in information security governance, data protection, or risk management within a regulated environment, including practical application of requirements arising from GDPR, DORA, and related industry standard frameworks such as ISO/IEC 27001, NIST
• Strong analytical, documentation, and stakeholder management skills.
• Ability to translate governance requirements into practical, business aligned rules and service expectations.
• Proficiency in English; German language skills are an advantage.
• High degree of ownership, adaptability, and a proactive, quality driven mindset.