Information Security Officer (80 - 100%)
Role details
Job location
Tech stack
Job description
- Oversee and enhance the ISMS according to ISO/IEC 27001.
- Translate security strategies into effective controls and standards.
- Conduct risk and vulnerability analyses to ensure security measures., As an ISO, you are responsible for the technical implementation of information security, integrating security into operations and projects, pragmatically managing risks, and ensuring effective, actionable protective measures in everyday CISTEC life. You operate at the interface of governance, technology, and management. You are the central contact person for information and cybersecurity topics.
Your tasks
- Operation, maintenance, and further development of the ISMS (e.g., according to ISO/IEC 27001).
- Technical translation of security strategy into effective controls and standards.
- Conducting risk, threat, and vulnerability analyses.
- Definition, implementation, and tracking of technical security measures for risk treatment.
- Close collaboration with IT operations, architecture, cloud, and DevOps.
- Consulting projects on security-by-design and secure architecture.
- Support in security incidents including root cause analysis and lessons learned.
- Preparation of technical aspects of audits and compliance evidence.
- Monitoring of security KPIs and reporting to the CISO / management.
- Technical contact person for information security within the company.
Requirements
- Degree in IT or Information Security with relevant experience.
- Strong knowledge of ISO/IEC 27001 and NIST CSF standards.
- Excellent communication skills for stakeholder engagement., * Completed studies in computer science, IT security, business informatics, or a comparable qualification (CISA, CISM, etc.).
- Several years of professional experience in information security or IT security.
- Certifications in information security (e.g., CISSP, CISM, ISO/IEC 27001 Lead Implementer or Lead Auditor, CCSP, CRISC) are advantageous.
- Solid knowledge of relevant standards and frameworks (e.g., ISO/IEC 27001, ISO 27002, NIST CSF).
- Basic technical understanding of IT infrastructures, cloud environments, and applications.
- Experience with security controls, hardening, and secure configuration.
- Experience dealing with audits, compliance, and risk management processes.
- Structured, independent, and solution-oriented working style.
- Strong communication skills and assertiveness in dealing with different stakeholders.
- Very high self-motivation, energy, and resilience.
- Fluent in German & English, spoken and written.
Benefits & conditions
Meaningful work with impact: You work on exciting projects at the interface of AI and healthcare - in an interdisciplinary team that creates real added value.
Innovative environment: Together we develop pioneering solutions that sustainably improve clinical everyday life - with tangible impact for health professionals.
Flexible work: Part-time work, flexible working hours, and home office are a matter of course. After the probation period, you can work remotely up to four days a week.
Learning and innovation culture: We actively promote your further education and support you in attending professional conferences and trade fairs. Flat hierarchies and an open, agile team environment create space for personal and professional development.
Attractive benefits: Enjoy 5 weeks of vacation per year. Unpaid leave is possible by arrangement.
Shared experiences: We celebrate successes together - at lunch barbecues, on snow days, or at our team and company events.
