Security Engineer
Cybersecurity GRC & AI Governance Expert at SUSE, responsible for designing and implementing secure, AI‑ready solutions across Linux, Kubernetes, and multi‑cloud environments, ensuring compliance and resilience for enterprise customers.
About Us
SUSE is a global leader of enterprise open source software. By transforming community innovations into secure, sovereign and AI-ready solutions, SUSE empowers customers to escape vendor lock-in and regain control of their IT destiny. Through industry-leading Linux, Kubernetes, Edge and AI infrastructure solutions, SUSE delivers the flexibility to innovate everywhere—from the data center to multi-cloud and out to the edge. Only SUSE also manages many Linux and Kubernetes distributions. At SUSE, Choice Happens because we prioritize community, interoperability and relentless innovation. Discover how we power mission-critical resilience at www.suse.com.
Job Description
Position Overview
We are seeking a highly skilled Cybersecurity GRC & AI Governance Expert to join our fully remote Cybersecurity GRC team. In this cybersecurity role, you will support the execution and continual improvement of SUSE’s global cybersecurity governance, risk management and compliance strategy. In addition, this position acts as the subject matter expert for AI Governance, anchoring the organisation's AI governance capability within the GRC function and ensuring that internal AI management and product integrations comply with emerging global regulations.
The ideal candidate for this role possesses a strong background in traditional security frameworks (ISO 27001, SOC 2) alongside a practical understanding of AI risk management (ISO 42001, EU AI Act).
Key Responsibilities
1. Cybersecurity GRC
Governance & Policies: Develop, maintain and support implementation of SUSE ISMS policies, procedures and standards, working with control owners and accountable functions to ensure requirements are understood, implemented and evidenced.
Technical Control Management: Ensure governance policies are effectively translated into technical controls, driving continuous improvement in this area.
Risk Management
Compliance & Frameworks: Oversee control and evidence collection management for key compliance frameworks, notably ISO/IEC 27001, SOC 2, NIS2, BSIG, and DORA. Familiarity with Common Criteria certification concepts and assurance requirements, including EAL4+ or comparable certification expectations, is an advantage.
Audit Facilitation: Coordinate and lead internal and external security audits. Serve as the primary point of contact for external auditors and track remediation plans for any identified gaps.
Security Awareness: Design and deliver security awareness initiatives to promote a culture of compliance.
GRC Engineering: Define and improve GRC and AI governance workflows, evidence models, dashboards and automation requirements. Partner with the Cybersecurity GRC Engineer to implement, configure and maintain tooling, integrations and automated workflows.
GRC Platform Managemen
Posted June 18, 2026