Cyber Security Specialist

About NDT Global NDT Global is the leading provider of inline diagnostic solutions, advanced data insights, and integrity management services that safeguard energy-sector infrastructure. The company is recognized for its expertise in both ultrasonic inspection technologies — such as Pulse Echo, Pitch-and-Catch, Phased Array, and Acoustic Resonance (ART Scan) — and ultra-high-resolution Magnetic Flux Leakage (MFL) inspection services. These differentiated offerings, along with non-ultrasonic technologies like Inertial Measurement Units and others in development, enable NDT Global to deliver comprehensive asset integrity solutions. Innovation is at the core of NDT Global's mission. We continuously challenge the boundaries of existing technologies to deliver transformational solutions that empower the industry to achieve safer, more cost-effective pipeline management. Our commitment to research and development drives the creation of vital new methods and tools that address the evolving needs of our customers while setting new industry standards. By strategically applying inspection technologies to detect, diagnose, and model various types of threats, NDT Global provides predictive, decision-ready insights. These insights, driven by the world's most accurate data, enable asset owners to optimize infrastructure health, drive operational efficiencies, reduce risk, and minimize their carbon footprint. Purpose The Cyber Security Specialist – Governance, Risk & Compliance (GRC) is responsible for defining, implementing, and continuously improving NDT Global's cybersecurity governance, risk management, and compliance programs in alignment with global standards (CIS, NIST, ISO 27001). Operating within the IT team and collaborating across business units, this role ensures a consistent and proactive approach to cybersecurity governance, risk identification, and mitigation. The incumbent develops policies, leads risk assessments, and supports both technical and strategic initiatives to strengthen the organization's cyber resilience. Responsibilities Governance & Framework Implementation (30%) Establish and maintain cybersecurity governance aligned with CIS Controls, NIST CSF, and ISO 27001. Define policies, standards, and procedures supporting secure IT and business operations. Lead maturity assessments and drive continuous improvement of cybersecurity posture Risk Management Program Leadership (25%) Lead the enterprise cybersecurity risk management program, including identification, evaluation, mitigation, and reporting of risks. Maintain risk registers and ensure alignment with corporate risk appetite and compliance obligations. Partner with IT and functional leads to remediate vulnerabilities and prioritize controls. Security Operations Support (20%) Collaborate with IT infrastructure teams to ensure consistent monitoring, incident detection, and response. Provide guidance during incident handling and root-cause analysis. Participate in threat-hunting, penetration testing, and vulnerability management cycles. Compliance & Audit Readiness (15%) Ensure adherence to regulatory and client security requirements across regions (e.g., GDPR, SOC 2). Prepare and support internal and external IT security audits. Maintain evidence repositories for audit and compliance tracking Awareness & Continuous Improvement (10%) Lead employee cybersecurity awareness programs. Collaborate with HR and IT to roll out phishing campaigns and training. Measure program effectiveness and adjust initiatives accordingly Qualifications And Experience Bachelor's degree in cyber security, Computer Science, Information Systems, or related discipline. Minimum 5 years in cybersecurity governance, risk, and compliance functions Advanced certifications such as CISSP, CISM, or CRISC preferred. Additional certifications in GRC frameworks or auditing (ISO 27001 Lead Implementer, CISA) are assets. Proficiency in English (spoken and written); German language skills an advantage. Experience implementing or managing controls within CIS, NIST, or ISO 27001 frameworks. Proven ability to conduct enterprise-wide risk assessments and develop mitigation strategies. Experience supporting security operations, vulnerability management, and incident response. Familiarity with cloud and hybrid environments (Microsoft 365, Azure, AWS). Understanding of European data protection regulations (GDPR). Experience with GRC and risk-tracking platforms Strong knowledge of SIEM, endpoint detection, and vulnerability management tools Proficiency in Power BI or equivalent analytics platforms Skilled in policy lifecycle management tools and automated compliance workflows Skillset Governance Mindset: Designs and enforces scalable cybersecurity policies. Risk Leadership: Identifies and communicates risks effectively to senior management. Analytical Thinking: Translates complex threats into actionable controls. Communication: Bridges technical and business perspectives with clarity. Accountability: Drives ownership for risk reduction and audit readiness. Collaboration: Works across departments to embed cybersecurity in operations. Continuous Improvement: Evaluates emerging standards and integrates them proactively Benefits Full benefits package effective immediately for employees and their dependents Competitive pension matching program to secure your future Flexible time options to suit your personal and professional needs Supportive mentorship programs and career development opportunities Ongoing training to keep your skills sharp and help you grow Regular social events and programs to foster team spirit