Data Protection and Information Security Coordinator (f/d/m)

Reports to: Philip Ihde, Chief Operating Officer
Talent Partner:Celia Nielsen, People & Talent Partner
Salary Band:
IC L1 Junior: 49-57k € + VSOP (5% of annual gross salary)
IC L2 Mid-Level: 64-76k € + VSOP (10% of annual gross salary)
Remote Policy: Remote-first culture with offices in Berlin and Hamburg

Must-Haves:

• 3+ work experience in a data protection or information security role, with a strong understanding of GDPR.
• Demonstrable experience in managing and maintaining a data protection management system and/or an information security management system, including extensive experience managing audits.
• A recognised certification in data protection or information security
• Experience in handling data subject requests and managing incidents.
• Excellent organisational and project management skills, with the ability to manage multiple tasks and deadlines effectively.
• Strong communication and interpersonal skills, with the ability to collaborate effectively with both technical and non-technical stakeholders.
• A proactive and solution-oriented mindset, with a keen eye for detail.
• Fluency in English and German

Nice-to-Haves:

• Experience working in the healthcare or technology sector.
• Experience with legal ticket management systems and supplier relationship management.
• An interest in the legal and ethical implications of artificial intelligence.

Meaningfulness

• Mental health is a human right: we help thousands of people each month who struggle with depression, stress, insomnia, burnout, and other mental health issues

Research & Evidence

• We have a unique product and are at the forefront of research in digital health applications
• The effectiveness of our product is continuously evaluated and efficacy studies have been published in international and high-impact journals since 2014
• Data is of great importance to us and we are transparent about our strategy, goals and results.

Growth

• As pioneers in the development of applications for various mental health conditions, we are at the forefront of innovation
• We operate in an extremely exciting and emerging market
• Annual training budget of 1,000 euros - we place great emphasis on the personal growth of our employees and actively support their development

Remote-First

• Remote-first culture - we hire globally, considering a time window of +/- 4.5 hours CET
• Use of our offices in Berlin and Hamburg if you prefer to work on-site
• Relocation option and support

Diversity & Inclusion

• Fair and equal treatment are the standards of our Anti-Harassment Policy
• Flexible working hours - shape your own day
• Company language English, with a strong emphasis on inclusive language
• Transparent salary bands
• Additional 10 paid leave days for non-birth parents after the birth or adoption of a child

Other Benefits

• 28 vacation days + compensation for holidays that fall on weekends
• Tenure based paid time off - up to three additional days
• Permanent employment contract
• Attractive VSOP (Virtual Stock Option Plan) for all employees
• Tax-deductible pension plan with an above-average employer contribution
• Free or subsidized fitness memberships
• Regular team events

HelloBetter is an equal opportunity employer and encourages applicants of any national origin, gender, sexual orientation, religious background, gender identity, and people with disabilities to apply

Privacy Policy for Applicants

HelloBetter is a pioneer in the field of digital healthcare. For more than 10 years, we have been developing evidence-based digital health applications for the prevention and treatment of mental health conditions. Our applications cover a variety of areas, including stress management, depression, problematic alcohol use, panic disorder and anxiety, vaginismus, and sleep disorders.
Six of HelloBetter's ten applications are approved as digital health applications. They are available free of charge by prescription to all insured adults in Germany.

For more information about HelloBetter, see ourHelloBetter Handbook.

The Data Protection and Information Security Coordinator will be a central figure in our efforts to maintain and enhance our data protection and information security posture. This role is responsible for the operational management of our data protection and information security management systems, ensuring compliance with GDPR, DiGAV and other relevant regulations. The ideal candidate will be a proactive and organised individual with a strong understanding of data privacy principles and a commitment to fostering a culture of security within the organisation.

1. Screening Interview with People team (30 min)
2. Take-home Case Study (2 hours)
3. Case Study & Technical Interview with the Legal team (60 min)
4. Hiring Manager Interview with Philip, Chief Operating Officer (60 min)
5. Offer Talk (15 min)

Data Protection Management:

• Oversee and maintain the data protection management system, including retention policies, Data Protection Impact Assessments, Technical and Organisational Measures, and records of processing activities.
• Drive data protection certification process pursuant to Article 42 GDPR (once available)
• Manage and respond to data subject requests received through various channels, ensuring timely and accurate resolution.
• Handle and coordinate responses to requests from data protection authorities.
• Serve as a key point of contact for our external Data Protection Officer

Information Security Management System:

• Manage and monitor the ISMS (ISO27001), including supplier management, incident management, and risk management.
• Drive the implementation of information security norms and standards throughout the organisation.
• Organise, execute, and follow up on internal and external audits, including the implementation of opportunities for improvement.
• Monitor and report on the effectiveness of the ISMS and drive continuous improvement.
• Serve as a key point of contact for our external Information Security Officer

Compliance and Training:

• Monitor legal and regulatory developments in data privacy and information security, providing updates and recommendations to the management team.
• Develop, implement, improve and monitor data privacy and information security training programs for all employees.
• Contribute to quarterly leadership newsletter with a focus on GDPR and other relevant topics.

Project Management and Collaboration:

• Contribute to various internal projects related to data protection and information security.
• Collaborate with cross-functional teams to ensure that data protection and information security are embedded in all new projects and initiatives.
• Participate in relevant industry groups and forums to stay abreast of best practices and emerging trends.