ZEISS

Head of Cyber Governance, Risk & Compliance (f/m/d)

Job description:

Step out of your comfort zone, excel and redefine the limits of what is possible. That's just what our employees are doing every single day – in order to set the pace through our innovations and enable outstanding achievements. After all, behind every successful company are many great fascinating people.

In a spacious modern setting full of opportunities for further development, ZEISS employees work in a place where expert knowledge and team spirit reign supreme. All of this is supported by a special ownership structure and the long-term goal of the Carl Zeiss Foundation: to bring science and society into the future together.

Join us today. Inspire people tomorrow.

Diversity is a part of ZEISS. We look forward to receiving your application regardless of gender, nationality, ethnic and social origin, religion, philosophy of life, disability, age, sexual orientation or identity.

Apply now! It takes less than 10 minutes.


Welcome to ZEISS – a company that combines innovation and responsibility! Our corporate functions are diverse and make a decisive contribution to the strategic orientation and sustainable success of ZEISS.

As the Head of Cyber Governance, Risk & Compliance you are responsible for leading the global corporate function for designing, implementing and continuously improving a robust and global ZEISS Cyber Governance, Risk & Compliance (GRC) Framework. Leading the global team responsible for group-wide Cyber GRC, the role oversees the strategic development and continuous improvement of an actionable and future-proof control framework that enables compliance with cyber security regulations and customer requirements for ZEISS on a global scale.

This role proactively leads the team responsible for providing comprehensive security policies, standards, and guidelines based on the organization's risk appetite, drives assessments and steers (regulatory) compliance initiatives. The position exists to provide ZEISS with clear cyber accountability across the organization, controlled cyber risk exposure, and a unified cyber governance structure that supports secure business growth and innovation.

Your role:

  • Strategy & Leadership: Contribute to the overall ZEISS Cyber Strategy by setting the long‑term direction for Cyber GRC across ZEISS and ensure that it evolves with business, technology, and regulatory developments. Drive execution with the team by breaking down GRC-relevant target pictures into tangible roadmaps and actions for impactful implementation.

  • Cyber Governance, Risk & Compliance Framework: Provide the organization with structure and clarity by continuously improving the global ZEISS Cyber GRC Framework, embodying a data- and process-driven mindset that makes adherence measurable and anticipates future technological and regulatory developments.

  • Cyber Governance & Management System: Take ownership of cyber governance for ZEISS by defining and managing cyber-related policies, standards, and guidelines at enterprise level. Ensure the control landscape is comprehensive and accessible as part of the ZEISS Management System. Establish enforcement mechanisms and reporting structures to ensure that minimum security baselines are consistently met throughout the ZEISS organization.

  • Cyber Risk Management: Take ownership of the enterprise-wide cyber risk management framework that enables the ZEISS organization to assess, report and mitigate cyber-related risks in a consistent way and allows risks to be managed to levels in line with the overall risk appetite, fostering a culture of transparency and risk-based decision-making.

  • Cyber Compliance & Audit Readiness: Take ownership of cyber-related regulatory and contractual compliance and ensure that ZEISS remains prepared by monitoring emerging regulations and requirements. Enable audit readiness and support the business with cyber-related audits and assessments.

  • Cyber Risks in Third-Party & Supply Chain: Design and implement a forward-looking third-party security strategy that ensures partners, suppliers, and vendors meet ZEISS' security requirements, monitoring and reducing ecosystem risk before it materializes.

  • Cyber Risks in Mergers & Acquisitions: Ensure cyber security due diligence and integration excellence during M&A activities, anticipating risks early and safeguarding ZEISS' expanding global footprint.

  • Continuous Improvement & Enablement: Ensure Cyber GRC activities are aligned with business priorities and cyber-risks are embedded into operational and strategic decision‑making. Work closely with business units to ensure policies and assessments are relevant and practical and can be adopted effectively. Enable security baseline adoption by linking governance aspects with central cyber-related services and products, allowing for efficient compliance.

  • Leadership & Development: Functionally and disciplinarily leading a global team of high strategic relevance, this role fosters a culture of collaboration, innovation, and accountability within the team. The role involves leading and developing a high-performing global team, providing clear direction, mentorship, and opportunities for professional growth. By promoting an inclusive and empowering environment, this leadership position is a role model for ZEISS values and strategic goals, driving engagement and motivation across the organization and cultivating strong relationships with stakeholders to achieve shared success.


  • Advanced degree in Business Administration, Information Security, Information Systems, Cyber Security, IT Security, Security Engineering, Security Governance or a related discipline (Bachelor's or Master's degree) or an equivalent mix of education and professional experience.

  • Proven professional experience in cyber security across multiple fields with related senior or leadership roles across global organizations.

  • One or more relevant and current information security certifications from an established organization (such as CISSP, CISM, CRISC, CISA, ISO/IEC 27001 Lead Auditor or Lead Implementer, or equivalent).

  • Strategic GRC leadership with the ability to define long-term Cyber GRC vision, translate target pictures into actionable roadmaps, and deliver outcomes via global teams.

  • Demonstrated expertise with major cyber security frameworks such as NIST CSF, NIST SP 800-53 and the ISO/IEC 27000 series, as well as enterprise governance and policy management.

  • Experience in building and managing enterprise management systems and control frameworks, including audit readiness and risk reporting to executive stakeholders.

  • Proven record of driving compliance and audit readiness across multiple regulatory jurisdictions as well as contractual and customer requirements.

  • Ability to enable change and engage a wide range of stakeholders to drive adoption of security baselines across business units, communicate clearly with non-technical leaders, and foster an inclusive, high-performance culture.

  • Experience in functionally and disciplinarily leading international and global teams within a business or technical environment, demonstrating a proven track record of strategic planning, team development, and operational excellence.

NOTE:
Please refer to Fuchsjobs as the source of your application.

Job information

  • Publication date:

    09 Mar 2026
  • Location:

    Oberkochen (Baden-Württemberg)

    Work location:

    Carl-Zeiss-Strasse 22, 73447 Oberkochen, Germany
  • Type:

    Full-time
  • Work model:

    On site
  • Category:

    Development & IT
  • Experience:

    2+ years
  • Employment type:

    Employed
