Strategy & Roadmap: Develop and implement a group-wide information security and compliance strategy aligned with ISO 27001 and upcoming regulatory requirements like NIS2.
ISMS Development: Build and operate a robust Information Security Management System (ISMS), starting with a structured gap analysis and a prioritized delivery roadmap.
Security Governance: Define clear security requirements across Product, Engineering, and IT, ensuring implementation through accountable ownership and clear documentation.
Risk Management: Identify, assess, and clearly communicate security risks, enabling leadership to make pragmatic, risk-based decisions aligned with business priorities.
Compliance Expert: Act as the primary expert and main point of contact for security topics during enterprise customer discussions, external audits, and due diligence processes.
Technical Advocacy: Collaborate closely with IT Ops and Engineering to embed "Security by Design" into modern cloud (AWS and Azure) and product architectures.
Stakeholder Influence: Serve as a solution-oriented advisor to the board and senior management, translating complex technical risks into clear business impact.

Information Security Expertise: Several years of experience in a security or compliance role, specifically building or significantly improving an ISMS (ISO 27001) in a SaaS or tech-driven environment.
Regulatory Knowledge: Deep understanding of frameworks such as NIS2, DORA, or similar compliance regimes, with the ability to translate legal text into operational reality.
Applied Technical Credibility: Experience in cloud security, infrastructure, or DevSecOps, allowing you to define requirements that are both secure and technically feasible.
Strategic Thinking: Ability to combine domain expertise with big-picture thinking to anticipate trends and identify strategic opportunities for the group.
Stakeholder Management: Exceptional communication skills with the ability to influence senior leadership and cross-functional teams without formal authority.
Executional Excellence: A proven track record of driving high-quality results by setting clear priorities, removing obstacles, and following through on complex roadmaps.
Pragmatism: A risk-based approach to security that balances high-standard regulatory requirements with business agility and resource constraints.
Languages: English C1. German is a plus given our DACH footprint.

Vacation: 30 days
Benefits: Urban Sports Club membership, Hrmony subscription, JobRad, or a subsidy for a BVG ticket.
Health & Wellbeing: 1 mental health day per year and access to the Nilo.health platform.
Learning & Development: Clear career paths and an annual learning budget of €2,000, among other opportunities.
Home Office? No problem! We have a beautiful office in the heart of Berlin where we meet twice a week.
Workation: Up to 12 weeks of remote work from any country or continent you want!
Autonomy: We want to hire you for your expertise and knowledge, and we’ll give you the space to do your best work.
Sustainable Growth: We are profitable and continue to grow — in a highly sustainable way, backed by a leading private-equity firm focused on technology and software.
Culture: You’ll join a highly collaborative and high-performing team where you can contribute ideas, challenge others, and be challenged yourself.

Senior Information Security Officer – f/m/d

Key skills