Information Security Lead (m/f/d)

Overview

We want to enable access to digital medical consultation for everyone in Germany. Really for everyone! To reach that, we are building the leading on‑demand platform for telemedicine. And your impact matters. Are you seeking more than just a job, but a meaningful mission that fills you with pride? Welcome! Digitalisation of the German healthcare system is currently taking off and we offer some seats to join us on this revolutionary journey. Join TeleClinic and play a pivotal role in shaping a healthier society.

This unique hybrid position sits within our Infrastructure team. You’ll contribute as a hands‑on Senior Backend Engineer while simultaneously taking ownership of our information security strategy, acting as our de‑facto CISO. You’ll be the go‑to person for all security‑related topics, bridging the gap between engineering, operations, and leadership.

What You’ll Do

• Collaborate with product teams and infrastructure on architecture decisions with a security‑first mindset.
• Design, build, and maintain scalable, secure backend services and APIs in Python / Django.
• Own and drive TeleClinic’s ISO 27001 certification and ongoing compliance, from gap analysis through to audit readiness.
• Develop, maintain, and enforce the company‑wide Information Security Management System (ISMS).
• Define and implement security policies, standards, and procedures across and with all teams.
• Lead risk assessments, threat modelling, and vulnerability management.
• Educate and upskill colleagues on security awareness and best practices.
• Monitor the threat landscape and proactively address emerging risks relevant to a regulated healthcare environment.

What You Bring

• 5+ years of Python backend engineering experience.
• Solid understanding of network security, identity & access management, encryption, and secure SDLC.
• Hands‑on experience with ISO 27001, ideally having led or significantly contributed to an implementation or re‑certification.
• Familiarity with healthcare data regulations (GDPR, potentially HIPAA, or German digital health regulations such as DiGA) is a strong plus.
• Strong communicator who can translate complex security concepts to non‑technical stakeholders.
• Proven track record with cloud infrastructure (AWS, GCP, or Azure) and modern DevSecOps practices is a plus.
• Fluent in English; German is a plus.

Benefits

Enjoy great benefits. Please note that due to various partnership or legal agreements, some benefits may not be available outside of Germany.

• Urban Sports Club Membership Discount
• Access to eLearning platforms such as LinkedIn Learning or Reforge
• Mobility discounts: Jobrad & Finn.auto
• Company pension scheme with attractive employer contributions
• 30 days vacation per year
• Shopping discounts through Corporate Benefits
• Opportunity to participate in the employee participation program (stock options)
• Up to 1.000€ in personal development budget & 2 days off for personal development