Leading the global corporate function for designing, implementing and continuously improving a robust and global ZEISS Cyber Governance, Risk & Compliance (GRC) Framework.
Overseeing the strategic development and continuous improvement of an actionable and future-proof control framework that enables compliance with cyber security regulations and customer requirements for ZEISS on a global scale.
Proactively leading the team responsible for providing comprehensive security policies, standards, and guidelines based on the organization's risk appetite.
Driving assessments and steering (regulatory) compliance initiatives.
Providing ZEISS with clear cyber accountability across the organization, controlled cyber risk exposure, and a unified cyber governance structure that supports secure business growth and innovation.
Contributing to the overall ZEISS Cyber Strategy by setting the long-term direction for Cyber GRC across ZEISS and ensuring that it evolves with business, technology, and regulatory developments.
Driving execution with the team by breaking down GRC-relevant target pictures into tangible roadmaps and actions for impactful implementation.
Continuously improving the global ZEISS Cyber GRC Framework, embodying a data- and process-driven mindset that makes adherence measurable, and anticipating future technological and regulatory developments.
Defining and managing cyber-related policies, standards, and guidelines at enterprise level.
Ensuring the control landscape is comprehensive and accessible as part of the ZEISS Management System.
Establishing enforcement mechanisms and reporting structures to ensure that minimum security baselines are consistently met throughout the ZEISS organization.
Taking ownership of the enterprise-wide cyber risk management framework that enables the ZEISS organization to assess, report and mitigate cyber-related risks in a consistent way and allows risks to be managed to levels in line with the overall risk appetite, fostering a culture of transparency and risk-based decision-making.
Taking ownership of cyber-related regulatory and contractual compliance and ensuring that ZEISS remains prepared by monitoring emerging regulations and requirements.
Enabling audit-readiness and providing support to the business with cyber-related audits and assessments.
Designing and implementing a forward-looking third-party security strategy that ensures partners, suppliers, and vendors meet ZEISS' security requirements, monitoring and reducing ecosystem risk before it materializes.
Ensuring cyber security due diligence and integration excellence during M&A activities, anticipating risks early and safeguarding ZEISS' expanding global footprint.
Ensuring Cyber GRC activities are aligned with business priorities and cyber risks are embedded into operational and strategic decision-making.
Working closely with business units to ensure policies and assessments are relevant and practical and can be adopted effectively.
Enabling security baseline adoption by linking governance aspects with central cyber-related services and products, allowing for efficient compliance.
Functionally and disciplinarily leading a global team with high strategic relevance, fostering a culture of collaboration, innovation, and accountability within the team.
Leading and developing a high-performing global team, providing clear direction, mentorship, and opportunities for professional growth.
Promoting an inclusive and empowering environment, acting as a role model for ZEISS values and strategic goals, while driving engagement and motivation across the organization and cultivating strong relationships with stakeholders to achieve shared success.