Direct reporting line to C-level and representation of Nect to auditors (ISO 27001 and eIDAS)
Shape the security organization and build an internal SOC team
Areas of responsibility include IT, software development, product operations, biometrics and machine learning
Influence product development from a security perspective, working directly with product management and engineers
Risk management within the ISO 27001 framework and in cooperation with the GRC Manager
Select and coordinate penetration testers, including our product security tests (deepfakes, presentation attacks, etc.)
Responsibility for certifications and audits for ISO 27001 and eIDAS
Coordinate with our GRC Manager and Data Protection Officer
Interact with our external stakeholders (customers, qTSPs, gematik, BSI, BNetzA, public authorities)
Awareness and training for our teams and sharpening Nect's security awareness

Sufficient technical depth to engage with experts across domains (cryptography, APIs and networking, ML security, secure SDLC)
Experience in relevant environments is a strong plus (eIDAS / eIDAS 2.0, ETSI EN 319 401/411/421, ETSI TS 119 461, BSI TR-03107, TR-03116, gematik specifications)
Qualifications: ISO 27001 Lead Auditor/Implementer or equivalent qualification
ISO 27001 Lead Risk Manager is a plus
Fluent German and English
Confident, clear communication of complex topics
Assertive yet tactful
High initiative, structured and precise working style

Flexible work and modern working environment
Scale-up culture with security & vision: digital, innovative, ambitious
Flat hierarchies & fast decisions: real scope to shape your ideas
Personal development: grow within a forward-looking tech company
Modern office in Hamburg: central location between the Elbe and the Alster with a pleasant working atmosphere
Health benefit: company supplementary health insurance
Team spirit: regular events and exchange in a motivated environment
Meals: subsidy for your daily refreshments

Information Security Officer

Key skills