 
        
As part of an established staff unit reporting directly to management, you will play a key role in shaping the strategic framework for information security and data protection. In this pure governance function, you will take over responsibility from your predecessor, who has been promoted to a global role, and set the course for a sustainable and compliance-oriented security culture at the site.
Here's what our clients offer
 1. Remuneration & benefits: You will receive an attractive remuneration package including additional special payments. You also benefit from a comprehensive company pension scheme and other attractive social benefits that go beyond the usual.
 2. Flexible additional budget: You have a personal budget at your disposal that you can use flexibly and according to your wishes - whether for additional days off, as a further building block for your pension provision or as a financial payout.
 3. Work-life balance: An advantageous working week, 30 days' annual leave and the option of regular mobile working create an ideal framework for reconciling work and private life.
 4. Environment & development: You can expect targeted training opportunities, a modern working environment with excellent transport links and high-quality, subsidized catering on site.
 5. Culture & health: You can look forward to a wide range of company health and sports activities, regular company events to strengthen team spirit and exclusive employee discounts.
Your tasks
 1. Strategic governance: You are responsible for the strategic design, management and further development of the information security management system (ISMS in accordance with ISO 27001) and the data protection management system (DSMS in accordance with GDPR).
 2. Process management: You define and monitor the implementation of security and data protection guidelines, processes and controls without being responsible for the technical implementation.
 3. Interface management: You act as a central interface and sparring partner for the IT security architect (responsible for technical implementation), external consultants and the specialist departments.
 4. Reporting & communication: You prepare complex issues for decision-making and report the risk status and audit results directly and regularly to the management.
 5. Risk & compliance management: You coordinate the overarching risk management, accompany internal and external audits and ensure compliance with standards such as ISO 27001, NIS2 and GDPR.
 6. Awareness & culture: You will develop and implement awareness-raising and training measures to anchor a sustainable security and data protection culture in the company.
Your profile
 1. Degree in (business) informatics, IT security, law or a comparable field of study.
 2. Several years of sound professional experience in the development and control of management systems for information security (ISMS according to ISO 27001) and data protection (DSMS according to GDPR).
 3. Strong expertise in the area of IT governance, risk and compliance (GRC) as well as a clear understanding of the separation between procedural control and technical implementation.
 4. Good basic technical understanding to act as a competent point of contact for technical experts such as the IT security architect.
 5. Excellent, sustained communication skills and diplomatic ability to convey complex issues clearly and convincingly at management level.
 6. Fluency in written and spoken German and English.