Salary: 45.000 - 70.000 € per year

Requirements:
- Proven experience with core information security frameworks (BSI IT-Grundschutz, ISO 27001) and risk management methodologies
- Hands-on background in developing and implementing risk-mitigation plans, security policies, processes, and technical controls
- Solid understanding of GDPR compliance requirements and IT infrastructure fundamentals (e.g., networking, server roles, system architecture)
- Fluency in German and English to articulate technical requirements clearly and collaborate with cross-functional teams and external partners
- Demonstrated project management skills, with the ability to work independently, solve problems creatively, and drive initiatives to completion
- Knowledge of cloud security guardrails in multi-account environments (e.g., IAM, SCP, centralized logging, encryption, network isolation) (advantageous)
- CISSP certification or equivalent advanced security credential (advantageous)

Responsibilities:
- Analysis and documentation of current operations with respect to IT security, identifying gaps and supporting continuous improvement
- Implementation and maintenance of a framework for risk and asset management, utilizing modern tools and standards
- Creation and maintenance of an Information Security Management System (ISMS)
- Implementation and maintenance of a program for security awareness that works across multiple communication channels
- Regular monitoring of risks through third-party interactors, such as used infrastructures or sub-contractors
- Provision of information security guidance for IT projects, including the evaluation and recommendation of technical controls
- Coordination of interaction with external expertise on legal and technical IT security topics

Technologies: Cloud IAM Network Security Mobile

More: We are the German Cancer Research Center (DKFZ), one of Europe's largest cancer research centers, dedicated to the mission "Research for a life without cancer".

Last updated: week 18 of 2026