Definition of security requirements for API-first and headless architecture (OAuth2, OIDC, token-based security) * Ensuring compliance with GDPR, NIS2, ISO 27001 for example and internal audit requirements; defining data protection and classification standards * Definition of security requirements in contracts, DPAs, and architecture decisions * Acting as trusted to business leadership — translating security policies into business-relevant requirements and aligning security priorities with business objectives and risk appetite - Working knowledge of ISO 27001, NIST CSF, NIS2, and GDPR, plus familiarity with risk frameworks (e.g. ISO 27005, FAIR) — able to translate framework requirements into pragmatic controls
mehr