Ensure aedifion operates an effective and scalable Information Security Management System (ISMS) that goes beyond mere compliance.
Embed security as a natural part of the corporate culture and drive tangible, proactive security practices.
Transform the security culture and seamlessly integrate genuine protection into business processes.
Consolidate distributed responsibilities and establish centralized controls to ensure consistent standards.
Strengthen employees’ security awareness and design secure remote-working scenarios.
Build a future-proof architecture that scales with growth through intelligent automation.
Take sole responsibility for operating the ISO 27001-certified ISMS and drive its continuous development.
Select suitable ISMS tools, implement them independently, and increase the level of automation.
Independently implement technical and organizational security measures in close collaboration with IT, HR, Engineering and Finance.
Conduct internal, external and customer audits as well as management reviews independently and ensure successful recertifications.
Design and implement effective awareness and training programs that embed security awareness into the corporate culture for the long term.
Monitor the effectiveness of the ISMS through systematic analyses and meaningful key performance indicators, and produce compelling reports for management, employees and customers.
Flexibly adapt the ISMS to company growth and new regulatory requirements.

Extensive experience in independently establishing, operating and continuously improving ISMS in corporate environments, with proven success across multiple full implementation or optimization cycles.
Hands-on experience with common ISMS tools from real-world corporate deployments, including independent selection, implementation and integration into existing IT landscapes.
Deep knowledge of ISO 27001 requirements with proven experience in successfully conducting initial and recertification audits as well as customer audits.
ISO 27001 Lead Implementer or Lead Auditor certification, ideally complemented by CISSP, CISM or comparable certifications that validate your practical expertise.
Solid IT knowledge and system-administration skills to independently assess, implement and integrate technical security measures in cloud and on-premises environments.
Strong ability to communicate complex security topics clearly and appropriately for the audience — from management and business units to external auditors and customers.
Structured, independent working style with strong organizational skills, project-management experience and a passion for continuous improvement and automation.
Business-fluent written and spoken English for professional audits, precise documentation and international collaboration.

Make a difference: Your work helps reduce CO₂ emissions and makes buildings more sustainable and energy-efficient.
Mobile work: Organize your working day according to your needs — flexible working hours with short core hours and the freedom to work from our modern office in Cologne, remotely from anywhere in Germany or up to 10 days per year from other European countries.
Long-term prospects: After your probationary period, we offer a permanent contract.
Feel-good perks: 30 days of annual leave, plus fresh organic fruit, regional coffee, free drinks and a monthly team breakfast to keep you energized.
Professional development: We support your growth with tailored training opportunities to advance your career.
Tech stack: Modern work equipment of your choice — Microsoft or Apple — plus high-quality noise-cancelling headphones for focused work.
Mobility package: Stay mobile — choose between the Germany Ticket or a Jobrad bike for commuting or private use.
Pension provision: Subsidies for capital-forming benefits (VWL) or company pension schemes (bAV).
#teamaedifion: Regular team events, a collaborative atmosphere, knowledge sharing and flat hierarchies foster strong teamwork and open communication.
Dog-friendly office: Bring your dog to work — we welcome some four-legged support.

Information Security Officer

Key skills