About Us
SUSE is a global leader of enterprise open source software. By transforming community innovations into secure, sovereign and AI-ready solutions, SUSE empowers customers to escape vendor lock-in and regain control of their IT destiny. Through industry-leading Linux, Kubernetes, Edge and AI infrastructure solutions, SUSE delivers the flexibility to innovate everywhere—from the data center to multi-cloud and out to the edge. Only SUSE also manages many Linux and Kubernetes distributions. At SUSE, Choice Happens because we prioritize community, interoperability and relentless innovation. Discover how we power mission-critical .
Cybersecurity GRC & AI Governance Expert
Job Description
Position Overview
We are seeking a highly skilled Cybersecurity GRC & AI Governance Expert to join our fully remote Cybersecurity GRC team. In this cybersecurity role, you will support the execution and continual improvement of SUSE’s global cybersecurity governance, risk management and compliance strategy. In addition, this position acts as the subject matter expert for AI Governance, anchoring the organisation’s AI governance capability within the GRC function and ensuring that internal AI management and product integrations comply with emerging global regulations.
The ideal candidate for this role possesses a strong background in traditional security frameworks (ISO 27001, SOC 2) alongside a practical understanding of AI risk management (ISO 42001, EU AI Act).
Key Responsibilities
* Cybersecurity GRC
* Governance & Policies: Develop, maintain and support implementation of SUSE ISMS policies, procedures and standards, working with control owners and accountable functions to ensure requirements are understood, implemented and evidenced.
* Technical Control Management: Ensure governance policies are effectively translated into technical controls, driving the continuous improvement in this area.
* Risk Management
* Compliance & Frameworks: Oversee control and evidence collection management for key compliance frameworks, notably ISO/IEC 27001, SOC 2, NIS2, BSIG, and DORA. Familiarity with Common Criteria certification concepts and assurance requirements, including EAL4+ or comparable certification expectations, is an advantage.
* Audit Facilitation: Coordinate and lead internal and external security audits. Serve as the primary point of contact for external auditors and track remediation plans for any identified gaps.
* Security Awareness: Design and deliver security awareness initiatives to promote a culture of compliance.
* GRC Engineering: Define and improve GRC and AI governance workflows, evidence models, dashboards and automation requirements. Partner with the Cybersecurity GRC Engineer to implement, configure and maintain tooling, integrations and automated workflows
* GRC Platform Management: Maintain, configure, and optimize GRC platform
* AI Management & Governance
* AI Management System: Operationalize and maintain SUSE’s AI Management System in alignment with the ISO/IEC 42001
* Regulatory Compliance: In cooperation with the legal department, monitor and implement compliance of internal AI adoption, AI-enabled business processes, AI-enabled engineering workflows, AI-enabled or AI-related products with EU AI Act and other relevant global AI regulations.
* AI Risk & Threat Modelling
Required Skills & Qualifications
* Experience: 5+ years in Cybersecurity GRC and 3+ in AI Governance or related field
* Regulatory & Standard Expertise: Deep knowledge of ISO/IEC 27001, ISO 42001 and SOC 2 frameworks. Comprehensive knowledge of current EU cybersecurity regulations (NIS2, CRA, DORA, EU AI Act)
* Audit Experience: Experience managing end-to-end audit lifecycles.
* AI Management Knowledge: Demonstrated understanding of AI concepts and the operational risks associated with deploying AI technologies in an enterprise environment
* Technical Proficiency: Ability to collaborate effectively with Engineering, Security Operations and Security Architect teams.
* Communication: Clear communication skills. Experience leading cross-functional initiatives across different technical/compliance teams is an advantage.
* AI Efficiency: Demonstrated ability to effectively leverage and integrate AI tools into daily workflows
* Open Source Knowledge: Familiarity with open-source software is an advantage
* Cybersecurity Certifications are an advantage.
* If this role is filled in Italy, the expected Total Target Compensation (“TTC”) range is between 58,000 EUR and 78,000 EUR gross annually. The TTC includes both the annual base salary and target corporate bonus opportunity, which is typically paid quarterly, as well as access to an attractive benefits package.
* Actual compensation will be determined based on objective, non-discriminatory criteria including experience, skills, qualifications, geographical location, internal equity, and budget considerations. Bonus payments are subject to the terms of the applicable bonus plan and company policies. Please note that this compensation information is applicable to roles hired in Italy only.
This position is subject to a background check(s), including criminal, credit, and/or employment references. The candidate is required to complete the background check(s) once an offer has been accepted. This will be conducted by SUSE’s external provider, where legally permitted.
Job
Information Technology
What We Offer
We empower you to be bold, driving your career to create the future you want. We celebrate and reward your achievements.
SUSE is a dynamic environment that is evolving rapidly, thus requiring agility, strong entrepreneurship and an open mind.
This is a compelling opportunity for the right person to join us as we continue to scale and prosper.
If you’re a big thinker, obsessed by execution and thrive in a dynamic environment in which you can tangibly create a lasting legacy, then please apply now!
We give you the freedom to be yourself. You will work in a global community of unique individuals – like you – with different backgrounds, talents, skills and perspectives. A truly open community where everyone is welcome, has a voice and is encouraged to reach their full potential regardless of age, gender, race, nationality, disability, sexual orientation, religion, or any other characteristics.
Sounds like the right fit for you? Click Apply to submit your resume. A recruiter will contact you if your skills match our current or any future positions. In the meantime, stay updated on the latest SUSE news and job vacancies by joining our Talent Community.
SUSE Values
SUSE’s culture is centered on four key values - Choice, Community, Trust, and Innovation - which are deeply integrated with our open source ethos. SUSE fosters a diverse and inclusive environment where our people are encouraged to be themselves.
Choice
We are continuously making choice happen
We are accountable for our choices
We never get complacent
Community
Nobody is smarter than everybody
We embrace diversity of thought
We are “open source first, upstream first” where collaboration benefits all
Trust
We are trusted to deliver with integrity
We offer trust by default, and do not wait for it to be earned
We foster an environment where everyone trusts each other
Innovation
We foster a culture of experimentation, and embrace change by challenging the norm
We are committed to continuous improvement, creativity and adaptability
Ideas are great, but without execution they are just ideas