Information Security Officer (All genders)

View full description

Requirements:

• Bachelor’s degree in Information Security, Cybersecurity, Information Technology, or related field; advanced degrees preferred.
• Relevant certifications such as CISSP, CISM, CISA, ISO 27001 Lead Auditor, AZ-500 or equivalent.
• Minimum of 5 years of experience in information security or a related role, preferably in a SaaS or technology environment.
• Experience in audits and maintaining compliance with ISO/IEC standards.
• Hands-on experience with risk and vendor management, incident response practices.
• Knowledge of DevSecOps principles and secure SDLC practices.
• Familiarity with frameworks like GDPR, DORA, and BSI IT Grundschutz.
• Strong analytical and problem-solving skills.
• Proven track record in developing security policies and procedures.
• Familiarity with SIEM tools.
• Good working knowledge of Confluence and JIRA.

Responsibilities:

• Lead preparation for ISO 27001 upgrade from 2013 to 2022.
• Develop, implement, and monitor an integrated management system aligned with ISO 27001, ISO 9001, ISO 20000-1, and TISAX requirements.
• Facilitate internal and external audits for compliance.
• Create and maintain security documentation, including policies and incident response plans.
• Conduct risk assessments to identify vulnerabilities.
• Collaborate with DevSecOps and Engineering teams.
• Stay informed about cybersecurity threats and develop protective measures.
• Deliver security awareness programs for employees.
• Review vendor security postures and conduct risk assessments.
• Facilitate post-incident reviews and corrective actions.