Overview
Information Security Manager (m/f/x) at Carl Zeiss AG is part of the InfoSec Certifications and Governance team within Corporate Information Security (CIT-I). The team develops, implements, and maintains the ZEISS Information Security Program aligned with international frameworks and regulatory requirements, addressing Governance, Risk and Compliance Management, Information Security Audit Management, and ISMS operation. The Information Security Program covers the ZEISS Information Security Management System Process, the ZEISS Policy Framework, and Information Security in Supplier Relationships.
The role reports directly to the Head of Information Security Certifications and Governance.
Responsibilities
* Define, develop, and review information security policies, procedures, guidelines, forms, and templates with related Subject Matter Experts.
* Recommend and implement measures to ensure compliance with ISO 27001 and other applicable information security requirements and frameworks.
* Improve Information Security Risk Management, execute risk assessments and analyses, and ensure appropriate risk treatment actions.
* Further develop and implement Information Security Auditing across ZEISS legal entities and locations in collaboration with Regional and Business Information Security Officers.
* Support communication of ZEISS Information Security Program matters to all Businesses and Regions.
* Drive further development of the ZEISS GRC tool.
Your profile
* University degree in Information Security, Cybersecurity, Computer Science, or a related field — or equivalent combination of education and substantial hands-on experience.
* Minimum of 7 years of progressive experience in Information Security or related areas (e.g., ISMS, GRC, ISO 27001, auditing).
* Deep expertise in designing, implementing, operating, and maintaining ISO/IEC 27001-compliant ISMS, including re-certifications in multinational environments.
* Proven track record in delivering strategic security initiatives aligned with global business and regulatory requirements.
* Strong analytical and problem-solving skills with the ability to navigate complex security challenges.
* Experience in managing Information Security KPIs, governance frameworks, and executive-level reporting.
* Solid understanding of compliance across international legal and regulatory landscapes (e.g., GDPR, NIS2, SOX).
* Excellent communication and leadership skills with the ability to influence stakeholders across technical, business, and executive levels.
Additional information
* Employment type: Full-time
* Seniority level: Mid-Senior level
* Job function: Information Technology
* Industries: Software Development