Principal Information Security Manager (f/m/x)

COMPANY DESCRIPTION

About the DOUGLAS Group

The DOUGLAS Group, with its commercial brands DOUGLAS, NOCIBÉ, Parfumdreams and Niche Beauty, is the number one omnichannel premium beauty destination in Europe. The DOUGLAS Group is inspiring customers to live their own kind of beauty by offering a unique assortment online and in around 1,900 stores. With unparalleled size and access to customers, the DOUGLAS Group is the partner of choice for brands and offers a premium range of selective and exclusive brands as well as own corporate brands. The assortment includes fragrances, color cosmetics, skin care, hair care, accessories as well as beauty services. Strengthening its successful omnichannel positioning while consistently developing superior customer experience is at the heart of the DOUGLAS Group strategy “Let it Bloom”. The winning business model is underpinned by the Group’s omnichannel proposition, leading brands, and data capabilities. In the financial year 2023/24, the DOUGLAS Group generated sales of 4.45 billion euros and employed around 19,200 people across Europe. It was named the World’s Top Company for Women in 2025 among all retail and wholesale companies by Forbes. The DOUGLAS Group (Douglas AG) is listed at the Frankfurt Stock Exchange.

For further information please visit the DOUGLAS Group Website.

TASKS WITH IMPACT

• Shaping a comprehensive information security strategy aligned with DOUGLAS' operational and organizational goals
• Leading key security initiatives and foster a proactive security culture throughout the company
• Managing and continuously improving technical safeguards to protect data, applications, and infrastructure
• Collaborating closely with IT security, product management, and other departments to ensure secure development and operations
• Performing regular risk assessments, vulnerability analyses, and security drills to detect and mitigate potential threats early
• Ensuring compliance with regulatory requirements such as GDPR and relevant ISO standards
• Establishing and further develop security policies, standards, and processes across the DOUGLAS Group
• Advising senior leadership on strategic decisions related to information and cyber security

YOUR SKILLS

• A university degree in (business) informatics or a comparable field of study
• At least two years of experience in information security, ideally with a focus on strategic security projects
• Strong knowledge of regulatory frameworks such as GDPR, EU AI Act, EU Data Act, and NIS 2
• Hands‑on experience with ISO standards including ISO 22301, ISO 9000, ISO 31000, and ISO 20000
• Practical know‑how in incident management, risk assessments, and the development of security awareness programs
• Certifications such as CISSP, CISM, or equivalent are a plus
• Strong communication skills in both English and German – written and spoken

YOUR BENEFITS