Role Description As a Security Risk Manager, you will be part of a centralized information security governance team providing security risk management services across multiple Deutsche Telekom legal entities. The role focuses on operating and continuously improving the security risk management framework, while supporting and enabling local risk managers through consultation, training, and professional use of GRC tools. You will contribute to transparent risk reporting, effective risk mitigation, and harmonized governance practices in a complex, multinational environment. - Operate and continuously improve the security risk management process, methodologies, and related policies - Ensure alignment with group-level security standards and governance requirements - Support the integration of risk management into business and IT processes - Act as a trusted advisor for supported legal entities on information security risk topics - Train and upskill local risk managers on risk processes, methods, and policies - Provide hands-on guidance during risk identification, assessment, and treatment - Support professional usage of the GRC platform by local risk managers - Assist in risk creation, maintenance, and lifecycle management within the tool - Collect user feedback and represent business needs toward process and tool improvements - Identify, create, and manage security risks in cooperation with stakeholders - Monitor and support risk mitigation actions, including follow-up on progress and effectiveness - Ensure risks are properly documented and audit-ready - Prepare and maintain Top 10 risk reports, quarterly risk summaries, and ad-hoc reports - Define, monitor, and analyze risk KPIs and metrics - Provide management with insights on risk trends and improvement areas Qualifications - Bachelor’s or Master’s degree in Information Security, Computer Science, Engineering, Business Informatics, or a related field - High-level English language knowledge (spoken and written) - At least mid-level German language proficiency - 3–7+ years of experience in Information Security / Cybersecurity / Risk Management / GRC roles - Experience in large enterprise or multinational environments - Strong understanding of information security risk management frameworks (e.g. ISO 27005, NIST RMF) - Knowledge of information security standards (e.g. ISO 27001, NIST, CIS) - Ability to apply security governance principles in practical, business-aligned ways - Strong communication and stakeholder management skills - Ability to explain security and risk topics in business-friendly language - Structured, proactive, and solution-oriented mindset Requirements - Experience in training, coaching, or enablement activities - Experience working in a shared service or internal consulting model is an advantage - CRISC, CISM, CISSP, COBIT, ITIL or similar governance-related certifications - Hands-on experience with GRC tools (e.g. ServiceNow, Archer, OneTrust, or similar) Benefits - Please be informed that our remote working possibility is only available within Hungary due to European taxation regulation.

• Definición estratégica de revisiones de seguridad basada en riesgos, criticidad y prioridades del negocio. • Planificación, coordinación y seguimiento de múltiples iniciativas ofensivas simultáneas, incluyendo pentest y ejercicios de red team. • Gestión integral del ciclo de vida de las revisiones y auditorías de seguridad, desde la preparación hasta el cierre de acciones derivadas. • Supervisión de resultados e interpretación de informes técnicos de carácter ofensivo. • Coordinación de la respuesta a los informes derivados de las revisiones de seguridad. • Seguimiento de planes de remediación, asegurando su correcta ejecución en tiempo y forma. • Interlocución con clientes, equipos técnicos y responsables de negocio para garantizar una comunicación clara y alineada.

• Manage the Cyber Security area • Provide 2nd & 3rd Level Support with a focus on Cyber Security • Accept and resolve support cases directly • Lead and implement Cyber Security projects • Support our support and data center teams

Role Description Foresite is looking for a highly technical, results-oriented Cloud Security Engineer to serve as the technical lead for onboarding customers to GCP Security Command Center (SCC) and Wiz. In this role, you will be the driving force behind ensuring cloud security findings are seamlessly integrated into Google SecOps, providing our clients with a unified and actionable security posture. What You'll Do: - Operate at the heart of Foresite’s technical onboarding framework. - Lead the hands-on configuration of cloud security tools, partnering closely with customer analysts to translate complex findings into automated, high-fidelity security operations. - Drive successful technical handoffs and build custom detection and remediation logic. Technical Onboarding & Implementation - Lead the Integration: Lead the hands-on configuration of GCP SCC and Wiz for new customers, ensuring all high-fidelity security findings are correctly ingested into Google SecOps. - Data Integrity: Ensure technical accuracy in parser creation and UDM mapping to maintain the highest quality of security data. Detection & Automation - Custom Logic: Write custom YARA-L detection rules to correlate cloud posture findings with network traffic. - Streamline Response: Develop end-to-end SOAR Playbooks and utilize Python to write logic for custom actions, streamlining the customer's remediation workflows. Customer Enablement & Support - Technical Walkthroughs: Lead sessions for customer analysts, teaching them how to navigate SCC/Wiz findings and investigate alerts within the Google SecOps interface. - Troubleshooting: Act as the technical point of contact for resolving integration errors and optimizing automation scripts. Qualifications - At least 2 years of strong hands-on experience with Google SecOps (Chronicle), specifically in parser creation, UDM mapping, and YARA-L rule writing. - Proven experience configuring GCP SCC and Wiz, with foundational knowledge equivalent to a Google Cloud Associate Cloud Engineer. - Proficient in Python and enjoy using it to solve complex security automation challenges. - Demonstrated ability to manage a customer onboarding from technical kickoff to final handoff without constant senior oversight. - Ability to translate deep technical configurations into actionable insights for customer security teams. Nice to Have - Current Google Cloud Associate Cloud Engineer or professional security certifications. - Experience building complex API integrations between cloud security platforms. - Experience advising customers on cloud security best practices and long-term posture management. Benefits - Robust medical insurance options to keep you and your family healthy. - Employer-paid Dental coverage, as well as Short-Term (STD) and Long-Term Disability (LTD). - 3 weeks of paid vacation, plus additional sick leave and paid company holidays. - Access to world-class training to support your career trajectory. - Help protect global clients using the latest AI-enhanced security tools and GCP native technologies.