CF- IT Security and Compliance Engineer- Building Management (m/f/d) (BUM)

  • 29590 Málaga
  • Vollzeit
  • Berufserfahrene
  • 61506
Jetzt bewerben

For REWE digital Spain, a subsidiary of the REWE Group located in Málaga, we are looking for an IT Security & Compliance Engineer (m/f/d) to strengthen our Building Management product team. As the central solution provider for information and telecommunications systems, REWE digital plans, develops, and operates digital solutions for one of the leading retail and tourism groups in Europe.


Your Home of IT is our Building Management (BUM) product within the Corporate Functions (CF) domain and the Digital Office IT (DOIT) organization. The Building Management product supports a diverse portfolio of digital solutions that are essential for planning, constructing, operating, maintaining, and securing REWE Group facilities. These include building and maintenance management platforms, construction planning tools, room and workplace booking solutions, package tracking systems, and physical security solutions such as access control, video surveillance, and intrusion detection systems. As our IT Security & Compliance Engineer, you will act as the central point of contact for security, compliance, and governance topics across this application landscape. You will coordinate security measures with software vendors, infrastructure teams, security managers, and business stakeholders while ensuring that all relevant security controls and compliance requirements are implemented and maintained.

What you will do

  • Act as the primary contact for IT Security, Compliance, and Internal Control System (IKS) topics within the Building Management product.
  • Coordinate security-related activities across a broad application and infrastructure landscape.
  • Ensure compliance with internal security policies, governance requirements, and audit obligations.
  • Translate security requirements into implementation plans and coordinate their execution with vendors and infrastructure teams.
  • Drive and monitor the implementation of security measures such as:
  • Multi-Factor Authentication (MFA)
  • Patch and Vulnerability Management
  • Firewall Rule Management
  • Secure Communication and Encryption Standards
  • Identity and Access Management (IAM)
  • Security Hardening Measures
  • Define, maintain, and continuously improve authorization concepts and permission models.
  • Coordinate access reviews, user recertifications, and entitlement audits.
  • Perform risk assessments, protection requirement analyses, and security evaluations.
  • Review vulnerability reports, assess findings, derive mitigation plans, and coordinate remediation activities.
  • Support security audits and ensure timely implementation of corrective actions.
  • Maintain security documentation, audit evidence, and compliance records.
  • Coordinate and track security measures through Jira, service management tools, and governance processes.
  • Act as the interface between business stakeholders, software manufacturers, infrastructure specialists, security teams, and external partners.
  • Support vendor management activities from a security and compliance perspective.
  • Contribute to the continuous improvement of governance, compliance, and security processes within the Building Management landscape.

What you will bring

  • First and foremost, your personality: You enjoy coordinating complex topics, connecting different stakeholders, and driving sustainable solutions. You are interested in cybersecurity and governance topics, communicate confidently with technical and non-technical audiences, and take ownership of security-related challenges.
  • At least 3 years of professional experience in IT Security, Security Governance, Compliance, Risk Management, Application Security, Infrastructure Security, or a comparable field.
  • Experience coordinating security activities across multiple applications, stakeholders, and vendors.
  • Good understanding of common IT security controls and security best practices.
  • Experience with Identity & Access Management, authorization concepts, and user lifecycle processes.
  • Experience with vulnerability management, security assessments, and risk evaluations.
  • Experience supporting audits, compliance initiatives, or internal control systems.
  • Ability to coordinate implementation activities with software vendors and technical infrastructure teams.
  • Understanding of server, database, network, and cloud-based environments.
  • Strong analytical, organizational, and communication skills.
  • Ability to work independently after onboarding while collaborating effectively within an international team.
  • Professional English language skills (required).
  • German language skills are a strong plus.
  • Experience with Jira and Confluence is desirable.

 

Nice to have

  • Experience with ISO 27001, NIS2, BSI-related frameworks, or comparable security standards.
  • Experience working with Internal Control Systems (IKS).
  • Knowledge of SaaS governance and third-party risk management.
  • Experience with enterprise application security.
  • Understanding of security requirements in retail, logistics, facility management, or corporate environments.
  • Security certifications such as:
  • CompTIA Security+
  • CISSP
  • CISM
  • ISO 27001-related certifications

What we offer

  • A startup-like culture combined with the stability and strength of the REWE Group.
  • The opportunity to take ownership of security and compliance activities for a diverse and business-critical application landscape.
  • Close collaboration with experienced security experts, infrastructure specialists, architects, and software vendors.
  • An international and collaborative work environment with colleagues in Germany and Spain.
  • Flexible working hours and a hybrid working model.
  • Modern office facilities in Málaga.
  • Private medical insurance benefits.
  • Ticket Restaurant.
  • Professional development opportunities including technical training and language courses.
  • Day off on your birthday.
  • 25 days of paid vacation.
  • Open communication culture and the opportunity to shape security processes across a growing international organization.

Why join us?

Security and compliance are essential foundations for reliable digital business processes. In this role, you will become the central security coordinator for a broad portfolio of applications supporting construction, facility management, workplace services, logistics, and physical security within the REWE Group.

You will work at the intersection of application security, infrastructure security, governance, compliance, and stakeholder management. Rather than operating a single technology, you will ensure that security requirements are successfully implemented across a diverse ecosystem of applications, vendors, and infrastructure environments.

By coordinating security initiatives, reducing vulnerabilities, driving compliance activities, and supporting audits, you will make a tangible contribution to the resilience and security of REWE Group's Building Management landscape.

Apply now in English and become part of REWE digital Spain's growing technology organization.

 

CF- IT Security and Compliance Engineer- Building Management (m/f/d) (BUM)
29590 Málaga
Vollzeit
Berufserfahrene
Job-ID: 61506
Jetzt bewerben