Chief Information Security Officer

KMG Clinics
Berlin, Germany
yesterday

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Senior

Job location

Berlin, Germany

Tech stack

Computer Security
Information Security Management System

Job description

We are seeking you as soon as possible to serve as Chief Information Security Officer (CISO) (m/f/d/x) to actively manage our information security, particularly in the KRITIS environment, and report directly to the Executive Board at our corporate headquarters in Bad Wilsnack or at our branch office in Berlin.

Responsibilities

Why We Are Your First Choice

  • Responsibility: You will take on company-wide management of information security and play a key role in shaping the further development of our security and risk structures.
  • Scope for Influence: The position offers you the opportunity to establish and sustainably embed information security throughout the company.
  • Relevance: You will work in a KRITIS environment with a direct impact on supply security and patient protection.
  • Positioning: Direct reporting line to senior management and close involvement in strategic decision-making processes.

Strategy & Governance

  • Further development and implementation of a company-wide security and risk strategy
  • Establishment of clear control, decision-making, and escalation structures
  • Implementation of management reporting for information security and business risks

Information Security Management

  • Establishment and further development of an ISMS (e.g., ISO 27001, NIS 2-oriented)
  • Definition and enforcement of policies and standards
  • Integration of security into projects and processes ("Security by Design")

Risk Management & Compliance

  • Assessment and management of enterprise-wide IT risks
  • Ensuring compliance with regulatory requirements (GDPR, KRITIS, NIS-2)
  • Responsibility for audits and cooperation with regulatory authorities (in particular the BSI)

Incident & Resilience Management

  • Responsibility for incident reporting as well as the establishment and optimization of processes for the detection, tracking, and prevention of security incidents
  • Analysis and management of risks in the supplier and service provider landscape, including integration of third-party risks into central risk management
  • Definition and further development of security and prevention measures for sustainable risk reduction among internal and external partners

Organization & Collaboration

  • Close collaboration with all line functions (Medicine, Nursing, Administration, IT, etc.)
  • Management of external partners
  • Establishment of a sustainable security and awareness culture

Requirements

  • You currently hold a role such as Deputy CISO, ISB, or Senior Security Manager and are looking to take the next step
  • You have experience in information security within regulated environments (e.g., KRITIS, healthcare, public sector)
  • You have in-depth knowledge of ISO 27001, BSI IT-Grundschutz, and NIS-2
  • You already collaborate with executive management or senior leadership and communicate effectively with your audience
  • You can assess and prioritize security and business risks in a structured manner
  • You have a clear governance perspective and do not wish to work in an operational-technical capacity

About the company

KMG Clinics is a healthcare company with locations in northeastern and central Germany that offers highly qualified medical and nursing care in the family-like atmosphere of its facilities. KMG operates acute care hospitals, rehabilitation clinics, senior care facilities, medical care centers, and outpatient nursing services. The company has over 2,500 beds and places and employs approximately 4,900 staff members.
