Security Professional, Security Governance

Syntax is a leading Managed Cloud Provider for Mission Critical Enterprise Applications and has been providing comprehensive technology solutions to businesses of all sizes since 1972. Syntax has undisputed strength to implement and manage ERP deployments (Oracle, SAP) in a secure and resilient private, public or hybrid cloud. With strong technical and functional consulting services, and world-class monitoring and automation, Syntax serves some of North America’s largest corporations across a diverse range of industries. Syntax has offices worldwide, and partners with Oracle, SAP, AWS, Microsoft, IBM and other global technology leaders.

POSITION SUMMARY

The Senior Security Governance Specialist will be responsible for executing and maintaining Syntax’s security framework, with a strong focus on sustaining the Information Security Management System (ISMS) in alignment with ISO 27001 and other relevant frameworks. This role requires technical knowledge across key security domains (such as access control, logging/monitoring, cloud, identity, and vulnerability management) to ensure policies and standards are practical, accurate, and aligned with operations. The specialist must be comfortable engaging with engineers, customers, auditors, and business stakeholders, acting as a translator between technical depth and governance requirements.

Responsibilities

· Maintain and enhance the ISMS, ensuring processes are documented, monitored, and continuously improved.

· Develop, review, and maintain security policies, standards, and procedures (including technical standards such as IAM, Logging, Cloud Security, and SDLC) in collaboration with engineering and operations teams.

· Participate in technical security discussions (e.g., logging, cloud controls, IAM, PAM, endpoint security) to ensure governance requirements are realistic and enforceable.

· Review proposed technical designs or projects for alignment with security policies and standards.

· Coordinate with GRC during internal and external audits by preparing evidence, ensuring timely responses, and tracking corrective actions to closure.

· Support Enterprise Risk Management (ERM) activities by contributing to risk assessments, risk treatment planning, and monitoring mitigation progress.

· Develop and deliver governance and policy-related training to business units, functional leaders, and technical teams.

· Translate technical requirements into control language that auditors and business leaders can understand.

· Provide input into governance metrics by maintaining dashboards, contributing data points, and preparing summaries for management and stakeholders.

· Contribute to supplier and third-party governance activities by ensuring minimum security requirements are addressed in procurement processes.

· Engage directly with customers to support the development or enhancement of their security governance programs, ensuring alignment with recognized frameworks and Syntax practices.

Required Skills and Experience

· 3–5 years of experience in information security governance, compliance, or risk management roles, with exposure to ISMS (ISO 27001).

· Strong knowledge of security domains: identity & access management, network security, cloud security, vulnerability management, logging/monitoring, incident response.

· Ability to engage in technical discussions with engineers while writing governance documents in clear, business-oriented terms.

· Strong knowledge of regulatory frameworks and standards (ISO 27001, SOC 2, NIST CSF, GDPR, etc.).

· Hands-on experience supporting audits, evidence preparation, and corrective action tracking.

· Exceptional policy/standards writing and stakeholder management skills.

· Analytical, problem-solving, and critical thinking skills, with eagerness to continuously learn.

· Resourceful, self-motivated, and effective in team environments.

· Professional certifications such as ISO 27001 Lead Implementer/Lead Auditor or similar are an advantage.

· English fluency (written and spoken).

Key Technologies

· Identity & Access Management: AD/Entra ID, Azure AD, CyberArk

· Cloud platforms: AWS, Azure, Oracle Cloud

· SIEM/Logging: Splunk, Sentinel, Elastic

· Vulnerability Management: Qualys, Tenable

· Other tools: ServiceNow, Confluence/SharePoint

Why Syntax?

Become a part of our success story and work in a company with exciting innovation projects that are causing a stir across the industry. We recently launched one of the world's most advanced manufacturing facilities based on SAP S/4HANA Cloud and SAP Digital Manufacturing Cloud for Execution - for Smart Press Shop, a pioneering joint venture between Porsche and forming specialist Schuler.  

• Competitive, above-average compensation
• Global tourist: With us, you can also work from abroad from time to time
• Flexible working time models, home office
• Attractive benefits, e.g. company pension scheme or various health offers
• A modern environment in which the "you" is part of it
• Open feedback culture, flat hierarchies and a motivated team
• Individual career planning with continuous training and coaching on the job

You see a personal challenge in this responsible task? Apply now - and become part of the SYNTAX team!