Security, Vulnerability & Compliance Manager (m/f/d)
BARCELONA, B, ES, 08005
The Security, Vulnerability & Compliance Manager plays a crucial role in safeguarding Allianz Technology's technology landscape by driving enterprise-wide security, resilience, compliance and governance coordination across CTO2 and multiple Operating Entities (OEs). You will be responsible for managing vulnerability lifecycles, coordinating remediation oversight, tracking compliance against regulatory and internal standards, and presenting risk posture and countermeasures to key stakeholders to support informed, timely and defensible decision-making.
The role acts as the operational coordination and governance engine behind complex cross-functional security and resilience programmes. It ensures visibility, accountability, escalation management, KPI transparency and executive reporting in line with DORA, the Allianz Risk Shield (ARS), Identity & Access Management (IAM), the Configuration Management Database (CMDB), Vulnerability Management (AVM), Third Party Risk Management (TPRM), Web Application Firewall (WAF) coverage and broader security governance objectives.
You will operate at the intersection of executive communication, programme governance and technical infrastructure strategy — translating complex, high-volume security data into clear narratives and actionable countermeasures for governance forums, SteerCos and executive leadership across the OE landscape.
What you do
- Coordinate and govern enterprise-wide Security & Resilience initiatives across CTO2 regions and Operating Entities, applying a proactive "manage by exception" operating model: organise and facilitate recurring governance forums, SteerCos, operational reviews and executive reporting on a defined monthly cadence, maintain governance structures, stage gates, escalation paths, SPOC models and delivery-tracking mechanisms, ensure action ownership, accountability and follow-through to agreed deadlines, and support leadership teams in identifying delivery risks, blockers, dependencies, remediation priorities and countermeasures.
- Govern Allianz Risk Shield (ARS) programme execution across CTO2 environments, including planning, tracking and reporting of compliance progress: monitor self-attestation, evidence collection, testing progress, control effectiveness and compliance-score targets, drive remediation and uplift activities required to achieve and sustain those targets, coordinate Service Owners, SPOCs, Information Security Officers and regional stakeholders to maintain momentum, manage escalations relating to unmanaged risks, Archer remediation actions and compliance blockers, and ensure audit readiness, evidence completeness and governance of mitigation actions, reassessments and remediation tracking.
- Oversee the end-to-end vulnerability remediation lifecycle across Operating Entities (identification, prioritisation, remediation tracking, verification), track backlog reduction, remediation targets, SLA compliance and KPIs, govern executive reporting for vulnerability management, coordinate enterprise Attack Surface Management (ASM) governance (exposed URLs, internet-facing applications, cloud exposure, WAF onboarding), govern GitHub Advanced Security, code scanning, repository onboarding and secure-development remediation tracking, support governance for secure coding, DevSecOps, CI/CD security controls and software supply-chain security, support risk-acceptance governance and transparency of legacy or non-remediable vulnerabilities, and ensure vulnerability dashboards, Power BI metrics and reporting data remain accurate, timely and actionable.
- Drive enterprise CMDB remediation and data-quality improvement (CI-to-service mapping accuracy, ownership validation, mandatory attribute completion), lead CMDB Quality Management governance across infrastructure, applications and service portfolios, coordinate alignment between CMDB, Service Portfolio Management (SPM), Service Validation and ADO IT structures, support service rationalisation, managed-service classification and ownership-alignment exercises, govern remediation of partially managed, unmanaged, deprecated or misaligned service records, coordinate decommissioning governance for obsolete, legacy, redundant or out-of-scope services and infrastructure (including exit-programme and platform-retirement activities), ensure service inventories and governance reporting remain aligned throughout transformation and exit activities, and track remediation KPIs in alignment with audit and compliance deadlines.
- Manage IAM authorization-concept completion and governance across in-scope systems and services, support implementation and tracking of IAM remediation activities and large-scale remediation programmes, govern reporting of IAM compliance, coverage and progress, support access governance and audit readiness, and coordinate with central IAM, GIAM, Archer and Security teams to align definitions and reporting standards. Additionally, support governance of Third Party Risk Management (TPRM) initiatives (vendor remediation tracking, service-mapping activities), Business Continuity Management (BCM) and contractual risk remediation, and coordinate governance and reporting for WAF coverage and DDoS remediation, consolidating security inventories and remediation status across regions.
- Develop and maintain executive-level reporting packs, dashboards and governance materials ensuring accuracy, consistency and quality, standardise KPI definitions, reporting methodologies and data-quality controls across regions and security domains, steer Power BI dashboard governance and reporting automation (consolidating data from multiple sources into actionable executive insights), produce monthly operational reporting, one-pagers, management summaries and governance presentations for SteerCo and executive audiences, and act as a trusted coordination point and SPOC between Heads of IT, Security Leads, Service Owners, regional teams and central governance functions, facilitating cross-functional collaboration across international and matrixed teams and supporting senior leadership decision-making through accurate, concise and actionable reporting.
- Improve reporting efficiency through automation, AI-supported reporting and governance tooling in line with Allianz data-handling and compliance standards, reduce manual reporting effort through standardisation and process optimisation, introduce scalable governance practices and operational efficiencies, drive continuous improvement of governance operating models, and build strong relationships with regional SPOCs and central programme teams, escalating critical risks and blockers proactively.
What you bring
- 3+ years of relevant work experience, with strong experience in IT governance, security governance, risk management or operational resilience and demonstrated experience coordinating enterprise-wide compliance or remediation programmes.
- Hands-on exposure across several of: DORA, IT risk management, vulnerability management, CMDB governance, IAM/GIAM, security operations governance, audit remediation, service management and operational resilience.
- Experience with executive reporting and the facilitation of formal governance forums, experience operating across international and matrix organisations as well as project management knowledge alongside analytical thinking, methodological and conceptual skills.
- Skills in data analysis and reporting, preferably via Excel and Power BI.
- Strong stakeholder management, escalation management and communication skills.
- Preferred technical knowledge including: Power BI and reporting automation, Archer (GRC), ServiceNow and CMDB governance, IAM / GIAM concepts and vulnerability management tooling, Dynatrace and GitHub Advanced Security, DORA regulatory framework and broader risk and compliance governance models (e.g. ISO 27001, NIST, EU AI Act, GDPR).
- Familiarity with AI technologies and GenAI platforms is a strong advantage.
What we offer
- We offer a hybrid work model which recognizes the value of striking a balance between in-person collaboration and remote working incl. up to 25 days per year working from abroad.
- We believe in rewarding performance and our compensation and benefits package includes a company bonus scheme, pension, employee shares program and multiple employee discounts (details vary by location).
- From career development and digital learning programs to international career mobility, we offer lifelong learning for our employees worldwide and an environment where innovation, delivery and empowerment are fostered.
- Flexible working, health and wellbeing offers (including healthcare and parental leave benefits) support to balance family and career and help our people return from career breaks with experience that nothing else can teach.
About Allianz Technology
With its headquarters in Munich, Germany, Allianz Technology is Allianz's global IT service provider and delivers IT solutions that drive the group's digitalization. With more than 11,000 employees in over 20 countries around the world, Allianz Technology is tasked to run, optimize, transform and innovate the infrastructure, applications and services together with Allianz companies to co-create the best customer experience.
We service the entire spectrum of digitalization – from one of the industry's largest IT infrastructure projects that spans data centres, networks and security, to application platforms ranging from workplace services to digital interaction.
In short: We deliver comprehensive end-to-end IT solutions for Allianz in the digital age. We are the backbone of Allianz.
Find us at: www.linkedin.com/company/allianz-technology.
Commitment to Integrity, Fairness & Inclusion
Allianz Group is one of the most trusted insurance and asset management companies in the world. Caring for our employees, their ambitions, dreams and challenges, is what makes us a unique employer. Together we can build an environment where everyone feels empowered and has the confidence to explore, to grow and to shape a better future for our customers and the world around us.
We at Allianz believe in a strong inclusive culture that encourages people to speak their minds, get involved and question the status quo. We are proud to be an equal opportunity employer and encourage you to bring your whole self to work, no matter where you are from, what you look like, who you love, or what you believe in. We therefore welcome applications regardless of race, ethnicity or cultural background, age, gender, nationality, religion, social class, disability, sexual orientation, or any other characteristics protected under applicable local laws and regulations.
To Recruitment Agencies
Allianz Technology has an in-house recruitment team that sources great candidates directly. Therefore, Allianz Technology does not accept unsolicited resumes from agencies or search firm recruiters.
When we do work with recruitment agencies, that engagement is formalized by a contract. Fees will only be paid when there is a contract in place. Without a contract in place, we will not accept invoices on unsolicited resumes, even if the candidate was ultimately employed by Allianz.
102261 | IT & Tech Engineering | Professional | Non-Executive | Allianz Technology | Full-Time | Permanent