• Develop, manage, and continuously improve the organization’s Third-Party Risk Management (TPRM) program and platform, including policies, procedures, risk methodologies, and performance metrics. • Lead risk assessments and due diligence processes for new and existing third-party vendors, including IT, business services, SaaS providers, and critical suppliers. • Build criteria and processes to evaluate AI-based vendor technologies to identify risk exposure. • Evaluate vendor security practices, policies, and controls using industry frameworks (e.g., NIST CSF). • Partner with Procurement, Legal, Compliance, IT, and business stakeholders to integrate risk assessments into the vendor lifecycle—from onboarding through termination and to review contracts, Business Associate Agreements (BAAs), and data-sharing agreements. • Maintain a current and accurate vendor risk inventory and drive the development and execution of corrective action plans for vendors with risks or compliance gaps. • Oversee the implementation of continuous monitoring controls and ensure timely reassessments of vendor risks. • Collaborate with Internal Audit and Compliance teams to support external audits, regulatory requests, and risk reporting. • Prepare executive-level reporting on third-party risk exposure and program effectiveness for GRC leadership and Board-level stakeholders. • Stay current on emerging regulatory changes, industry standards (e.g., NIST, ISO, HIPAA, HITRUST), and best practices in third-party risk management, providing cybersecurity expertise and support for all IT Audit (SOX, PCI, HIPAA); Security Compliance (Vendor Security Assessments and Security Risk Analysis (SRA)); and Data Compliance (Data Classification and Automated / Continuous) audits.

• You will work for an emerging cybersecurity startup. • As a point of contact, you will advise potential clients and build trust-based relationships. • You have an affinity for new technologies and are enthusiastic about our solution and our mission to advance cybersecurity in Germany. • You monitor our competitors and keep an eye on cybersecurity-related developments to incorporate them into your consultations. • You communicate with companies by phone, email, and video conference — as required, in German and English.

• Provide support to Project Managers and Operations Specialists on an as-need basis • Monitor & control non-complex small projects • Coordinate and participate in multidisciplinary meetings

• Join NVISO’s Cloud Security team as a Cloud Security Consultant (Jr.) • Collaborate closely with colleagues and customers to understand their business and security requirements • Assess current security posture and develop tailored cloud security solutions • Design and implement Microsoft Entra tenant architecture • Implement Conditional Access policies and risk-based access • Deploy and operate Privileged Access Management (PAM) • Build secure landing zones using Azure Policy • Configure Azure Key Vault for secrets management • Deploy and tune Microsoft Defender for Cloud and Microsoft Sentinel • Implement Exchange Online, SharePoint, OneDrive, and Teams security baselines • Design data classification and labelling strategies