GRC / ISMS Manager

Enpal Germany
Relocation
Apply
AI Summary

Develop, maintain, and continuously improve Enpal's Information Security Management System (ISMS) and governance framework. Ensure alignment with regulatory obligations, business priorities, and audit readiness across all departments. Requires strong experience in ISO 27001, risk management, and cross-functional stakeholder collaboration.

Key Highlights
ISO 27001 and ISO 27701 certified ISMS development and maintenance
Direct reporting to CISO with no disciplinary people management
Cross-functional coordination with Technology, Product, Legal, Compliance, and Operations teams
Internal and external audit preparation and certification support
Risk assessment, control reviews, and remediation tracking
Key Responsibilities
Develop, maintain and continuously improve the ISMS including policies, standards, procedures and control frameworks
Coordinate security governance activities and ensure alignment with internal requirements, regulatory obligations and business priorities
Perform and facilitate information security risk assessments, control reviews and remediation tracking
Prepare, coordinate and support internal and external audits, certifications and compliance reviews
Maintain risk registers, control documentation, evidence repositories and management reporting materials
Partner with stakeholders across Technology, Product, Legal, Compliance, Data Protection, Operations and other business areas to implement security and compliance requirements
Support third-party risk management activities including assessment coordination, documentation review and follow-up actions
Develop reporting for senior management and the CISO including KPIs, KRIs, control status and risk exposure updates
Drive awareness of governance and security requirements through documentation, guidance and cross-functional enablement
Technical Skills Required
ISO 27001 ISO 27701 Risk assessment Audit preparation Policy development
Benefits & Perks
Hybrid working concept
Workflex: up to 30 days relocation abroad per year
29 + 2 vacation days
Discounted Wellhub membership
Corporate benefits

Job Description


Our goal is to have a solar system on every roof, a storage unit in every house, and an electric car in every garage. Enpal makes this possible with an integrated total solution for decentralized energy—from solar systems and battery storage to wall boxes, smart meters, and heat pumps. At the heart of it all is our AI-powered platform Enpal.One+, which intelligently connects thousands of systems and efficiently optimizes electricity procurement and feed-in on the energy market.

Are you ready for solutions that are more than just a promise and bring real quality of life to thousands of households every day? What you create at Enpal will deliver clean electricity tomorrow and bring about lasting change in how we use energy.

The GRC / ISMS Manager is responsible for the development, operational management and continuous improvement of the company’s governance, risk and compliance framework as well as the Information Security Management System (ISMS). The role acts as a key interface between Information Security and business functions, ensuring that security governance, regulatory expectations, risk transparency and audit readiness are embedded in a pragmatic and scalable way. This is an individual contributor manager role without disciplinary people management responsibility and with direct reporting to the CISO.

What You'll Do

  • Develop, maintain and continuously improve the ISMS, including policies, standards, procedures and control frameworks.
  • Coordinate security governance activities and ensure alignment with internal requirements, regulatory obligations and business priorities.
  • Perform and facilitate information security risk assessments, control reviews and remediation tracking.
  • Prepare, coordinate and support internal and external audits, certifications and compliance reviews.
  • Maintain risk registers, control documentation, evidence repositories and management reporting materials.
  • Partner with stakeholders across Technology, Product, Legal, Compliance, Data Protection, Operations and other business areas to implement security and compliance requirements.
  • Support third-party risk management activities, including assessment coordination, documentation review and follow-up actions.
  • Develop reporting for senior management and the CISO, including KPIs, KRIs, control status and risk exposure updates.
  • Drive awareness of governance and security requirements through documentation, guidance and cross-functional enablement.

What you'll bring

  • Several years of professional experience in GRC, ISMS, Information Security, IT Risk, Audit or Compliance.
  • Strong working knowledge of common frameworks and standards such as ISO 27001, NIST, SOC 2 or comparable control frameworks.
  • Proven experience in policy development, risk management, audit preparation and evidence-based compliance work.
  • Ability to work effectively in cross-functional, fast-paced and evolving business environments.
  • Strong analytical, organizational and stakeholder management skills.
  • Excellent written and verbal communication skills in English; German is a strong advantage.

Success Profile

  • Structured and detail-oriented, while able to balance governance quality with business pragmatism.
  • Confident working with both technical and non-technical stakeholders.
  • Comfortable taking ownership in a fast-scaling environment with short decision paths and high visibility.

What We Offer

  • Work at Germany's first green unicorn - Play an active role in shaping the solar energy transition.
  • The sun shines all over the world - At Enpal, you'll work with a highly motivated, diverse team of over 65 nationalities.
  • The ideal setup for your focus - We are convinced that excellent results are achieved when the conditions are right. That's why we rely on a hybrid working concept that gives you the freedom to always work in the way that best suits your tasks. Do you need new inspiration on an international level? With Workflex, we offer you the opportunity to relocate abroad for up to 30 days a year, depending on your responsibilities.
  • Grown-up business & startup spirit - In our modern office in Berlin-Friedrichshain, you'll find everything your heart desires, from height-adjustable desks and table tennis to stocked beverage fridges and barista coffee.
  • Your kick-start at Enpal - Onboarding day with a welcome bag, buddy program, and a team that really supports you.
  • Stay up to date & help shape the future - Transparent all-hands meetings, short decision-making processes, and an open feedback culture - without mistakes, there is no progress.
  • The energy transition can only be achieved together - At Enpal, you can expect legendary team spirit and unforgettable team events.
  • Your extra boost - 29 + 2 vacation days, discounted membership at Wellhub, and corporate benefits. Everything you need to help you achieve a good work-life balance.

At Enpal, we are proud of the diversity of our team. No decisions are made on the basis of skin colour, religion or religious belief, ethnic or national origin, nationality, gender identity, sexual orientation, disability or age, either during recruitment or employment. Enpal stands for a safe workplace and takes action against discrimination and harassment of any kind.

Similar Jobs

Explore other opportunities that match your interests

eCommerce Growth Analyst

Programming
5h ago
Visa Sponsorship Relocation Remote
Job Type Full-time
Experience Level Mid-Senior level

Distribusion Technologies

Germany

Principal Software Engineer - ZEOS B2B Platform

Programming
6h ago

Premium Job

Sign up is free! Login or Sign up to view full details.

•••••• •••••• ••••••
Job Type ••••••
Experience Level ••••••

Zalando

Germany

AI Engineer

Programming
6h ago

Premium Job

Sign up is free! Login or Sign up to view full details.

•••••• •••••• ••••••
Job Type ••••••
Experience Level ••••••

Raisin

Germany

Subscribe our newsletter

New Things Will Always Update Regularly