Informationssicherheitsbeauftragte/r ISO (m/w/d)

Information Security Officer ISO (m/f/d)

Starting immediately – Permanent – Full-time – Remote – Germany

Welcome to Xiting’s Career Page!

Shape the future of our IT security!
In this newly created key role, you will support the development and implementation of our Information Security Management System (ISMS). Together with the CISO, you will work to achieve security objectives, establish processes in line with ISO 2701, and ensure effective security management.
You will also conduct internal audits, raise awareness among colleagues, and contribute to the creation of additional policies and risk reports.

Take the opportunity to actively shape our information security – with your expertise, commitment, and eye for the essentials.

Your Responsibilities

• Support in building, implementing, and developing the Information Security Management System (ISMS)
• Further development of IT security and compliance strategies in line with our corporate strategy and business processes
• Ensuring consistent, high-quality information security and compliance management
• Defining security and compliance goals, as well as company-wide policies and guidelines
• Establishment and operation of an ISMS according to ISO 27001, and support for additional standards and frameworks (e.g., TISAX, DORA, NIS2)
• Support in defining and implementing relevant processes, controls, and systems in the areas of information security and compliance
• Conducting internal audits and controls, including risk assessments and preparation of risk reports
• Support and consulting on data protection (GDPR) and other regulatory requirements
• Raising awareness and training employees on security and compliance topics
• Creating and maintaining policies, standard operating procedures (SOPs), and governance documents
• Conducting information security and compliance assessments for projects, systems, and general topics

Here are the qualifications we’re looking for:

• Completed university or technical college degree, preferably in business informatics, computer science, or equivalent professional or training-related experience
• Minimum of 3 years of experience in one of the following areas: risk management, information security, cybersecurity, or IT security
• Proven experience with information security policies and procedures. You have successfully contributed to IT security projects and are familiar with project management principles.
• Good knowledge of relevant legal and regulatory requirements as well as common information security management frameworks, such as ISO/IEC 27001, and ideally also TISAX, NIS2, GDPR, etc.
• Excellent communication skills, with the ability to convey information security and risk-related concepts to both technical and non-technical audiences
• A strong analytical and solution-oriented mindset, with the ability to act calmly and purposeful
• A professional security management certification is desirable, such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), or similar

#J-18808-Ljbffr