5+ years of hands-on experience in information and cybersecurity across European and U.S. jurisdictions Solid knowledge of one or more security frameworks: ISO/IEC 27001, NIS2, BSI, or equivalents Experience in regulatory compliance, audit support, and interpreting legal and regulatory implications for large organizations Familiarity with working in a product-led tech environment, where teams operate independently and require decentralized but coordinated security oversight Strong communication skills, with the ability to convey complex topics to diverse audiences Fluent in English (written and spoken), additional languages are a plus Comfortable working in a multicultural, international environment and across remote teams on large-scale projects A genuine passion for cybersecurity and staying up to date with the latest threats, regulations, and best practices Experience in or knowledge of rail operations is a strong advantage

Interpret and apply cybersecurity frameworks such as ISO/IEC 27001, NIS2, or BSI IT-Grundschutz across multiple jurisdictions Work closely with legal, regulatory, and operational teams to assess and implement compliance measures in line with local and international legislation Support the preparation and execution of internal and external audits Communicate clearly and confidently with a wide range of stakeholders—from engineers to executives—about cybersecurity risks, controls, and legal obligations Lead initiatives from ideation to implementation, collaborating with cross-functional and distributed teams Stay current with cybersecurity developments, technology trends, major incidents, and emerging legislation