IT Compliance & Risk Specialist
OESL-Automotive
Remote
In this role, you will contribute to IT compliance monitoring, audit readiness, and governance development, maintenance and assurance across the IT landscape. Working closely with and under the guidance of your direct supervisor within the IT Governance & Compliance team, you will play an active role in the development and operation of the IT compliance framework, applying compliance requirements with technical understanding and practical judgment.
You will work closely with IT Security, Infrastructure, Operations, Legal, Data Protection, and Internal Audit, building the cross-functional relationships and domain expertise that make second-line oversight effective. Beyond compliance monitoring and governance management, the role also covers IT-relevant risk assessment and internal controls support, contributing to the organization's risk management cycle and ICS framework from an IT perspective. This is a role with real exposure to certifications (e.g. TISAX, ISO 27001), to auditors, and to a lean, focused GRC team where your work is visible and your contribution matters.
Responsibilities
IT Compliance Monitoring & Evidence Management
- Monitor adherence to IT compliance requirements across applicable frameworks (TISAX / VDA ISA, ISO 27001, GDPR, IATF 16949 IT-adjacent) and maintain up-to-date compliance evidence and documentation.
- Maintain IT compliance registers and support periodic status reporting to GRC leadership.
- Track audit findings, non-conformities, and corrective actions; support timely closure and escalate unresolved items to the direct supervisor.
- Support the annual ICS review cycle for IT-relevant controls, including evidence collection, control testing documentation, and coordination with IT process owners.
- Contribute to IT risk assessments and risk register maintenance, identifying emerging risks and flagging items requiring escalation.
- Assist in preparation of risk reporting inputs for GRC leadership.
- Maintain and develop IT governance documentation, including policies, procedures, and guidelines, ensuring currency, approval status, and alignment with applicable standards.
- Coordinate review cycles, approval workflows, and version control for IT governance documents.
- Support continuous improvement of IT compliance and governance processes with structured methodology.
- Support the operation of GRC tools and systems used across the compliance and risk management function, ensuring data quality, traceability, and completeness of compliance and risk documentation.
- Contribute to compliance reporting activities, including preparation of status inputs and reporting outputs for IT-relevant topics.
- Engage actively with evolving tooling approaches and technology-supported compliance solutions, bringing operational insight and constructive challenge to how tools are configured, used, and developed over time.
- Support internal and external IT-related audit processes, including evidence preparation, audit coordination, and tracking findings.
- Support data protection compliance activities in the IT domain, including maintenance of records of processing activities and coordination with the Data Protection Officer.
- Assist in legal hold and IT case management activities in coordination with Legal as required.
- Support IT Business Continuity Management (BCM) activities, including maintenance of BIA documentation and continuity plan updates.
- Assist in preparation and follow-up of IT emergency management exercises and continuity documentation reviews.
Education & Certifications
- Bachelor's degree in Information Technology, Business Administration, Law, or a related field; specialization or coursework in compliance, IT governance, or information security is an advantage.
- Certifications such as ISO 27001 Foundation, CIPP/E, or ITIL Foundation are beneficial but not required; willingness to pursue relevant certifications is expected.
- 2-4 years of professional experience in IT compliance, IT governance, IT risk management, or a related GRC function.
- Demonstrable involvement in audit support, control testing, compliance documentation, or risk assessment activities, ideally in an in-house compliance or governance function, or in an advisory role with direct client-side delivery responsibility.
- Experience in the automotive, manufacturing, or technology sector is an advantage.
- Working knowledge of IT compliance and regulatory frameworks, including TISAX / VDA ISA, ISO 27001, and GDPR.
- Understanding of IT controls, audit processes, and evidence management.
- Sufficient background in IT systems, architectures, and security controls to assess risks, evaluate control effectiveness, and constructively challenge technical decisions.
- Familiarity with GRC tooling and basic reporting tools (e.g. Excel, Power BI) is beneficial.
- Ability to apply compliance requirements pragmatically, without unnecessary overhead, in a way that supports operational business objectives.
- Structured, analytical working style with strong attention to detail and consistent follow-through on concurrent workstreams.
- Ability to work effectively across technical and non-technical stakeholders, translating compliance requirements into technical language without losing precision.
- High degree of self-organization, a problem-solving mindset, and willingness to develop broader responsibility over time.
Fluent English (working language).
About Us
Original Equipment Solutions (OESL) is a global automotive supplier delivering Thermal, Emission Reduction, Sealing and Damping Solutions. Building on decades of experience within the Continental corporation, we connect materials to deliver high-quality components for commercial and passenger vehicles.
Today, OESL operates as an independent organization, and our solutions and engineering services for all drivetrains support the industry in moving forward towards cleaner, safer, more comfortable and efficient mobility.
OESL currently employs around 14,000 people globally in 14 countries and generated sales of around €1.7 billion in fiscal year 2025.