Stott and May

Information Security Officer

Germany · Full-time · Mid-Senior

As our Information Security Officer, you will be the central pillar for establishing, maintaining, and continually improving our entire security governance framework. Your primary mission is to protect our valuable intellectual property and ensure full regulatory compliance across all European operations.


ISMS & Compliance Management


  • Establish and maintain the Information Security Management System (ISMS) based on the ISO 27001 standard and other relevant frameworks.
  • Lead the compliance effort for the NIS 2 Directive, ensuring the company meets all new cybersecurity and resilience requirements for operators of essential services.
  • Manage the full risk assessment and treatment lifecycle; identify, analyze, and evaluate information security risks and define necessary mitigation strategies.
  • Develop, implement, and enforce information security policies, standards, and guidelines across the organization.


Security Operations & Business Resilience


  • Oversee incident response and management planning, ensuring the team is prepared to detect, respond to, and recover from security breaches effectively and quickly.
  • Drive and manage the Business Continuity Management (BCM) and Disaster Recovery (DR) processes to ensure the resilience of our critical business functions and manufacturing operations.
  • Coordinate internal and external security audits and penetration tests, tracking and verifying the successful remediation of all identified vulnerabilities.
  • Manage the security awareness program, training employees at all levels on security policies and best practices to foster a strong security culture.


Governance & Stakeholder Engagement


  • Act as the main point of contact for all information security-related matters, communicating effectively with senior management, technical teams, and external auditors.
  • Monitor new and emerging cybersecurity threats and technologies, recommending strategic adjustments to our security posture.


Your Profile


  • Fluency in both German and English (written and spoken) is essential for communication with international and German stakeholders.
  • 3+ years of proven experience in an Information Security Officer, CISO, or security governance role.
  • Deep, demonstrable experience in establishing, implementing, and maintaining an ISMS and achieving/maintaining ISO 27001 certification.
  • Strong working knowledge of European security regulations, particularly the NIS 2 Directive.
  • Expertise in Risk Management, Business Continuity, and Disaster Recovery methodologies.
  • Relevant security certifications (e.g., ISO 27001 Lead Implementer/Auditor, CISM, CISSP) are a significant advantage.

Key Skills

Ranked by relevance

cybersecurity, security certifications, incident response, security audits, cissp, cism
Posted: Oct 13, 2025
Type: Full-time
Level: Mid-Senior
Location: Berlin

Industries

Computer Network Security, Computer Hardware Manufacturing

Categories

Information Technology
