Information Security Manager (m/f/x)

ZipRecruiter

Oberkochen

On-site

EUR 70.000 - 100.000

Full-time

8 days ago

Summary

A leading company in the technology sector is seeking an Information Security Manager to enhance its Information Security Program. The role involves developing policies, managing risks, and ensuring compliance with international standards. Candidates should have a strong background in Information Security, with at least 7 years of experience and a relevant degree.

Qualifications

  • At least 7 years of experience in Information Security or related areas.
  • Deep expertise in ISO/IEC 27001 compliance.
  • Knowledge of GDPR, NIS2, SOX.

Responsibilities

  • Develops and reviews information security policies and procedures.
  • Conducts Risk Assessments and implements mitigation measures.
  • Leads the development of the ZEISS GRC tool.

Skills

Analytical skills
Problem-solving skills
Leadership skills

Education

University degree in Information Security, Cybersecurity, Computer Science

Job Description

Step out of your comfort zone, excel, and redefine the limits of what is possible. That's what our employees do every day to set the pace through innovation and achieve outstanding results. Behind every successful company are many fascinating people.

In a modern, spacious setting full of opportunities for development, ZEISS employees work where expert knowledge and team spirit are valued. Our ownership structure and the long-term goal of the Carl Zeiss Foundation support our mission to bring science and society into the future together.

Join us today. Inspire people tomorrow.

We welcome your application regardless of gender, age, social background, philosophy of life, disability, or other factors.

Apply now! It takes less than 10 minutes.

Corporate Information Technology (CIT) at the Carl Zeiss Group is a core part of our strategy, developing and implementing innovative IT solutions to enhance efficiency and competitiveness. By collaborating with various departments, CIT ensures that technological advancements and digital transformations are seamlessly integrated into our business processes.

  • Defines, develops, and reviews information security policies, procedures, guidelines, forms, and templates in collaboration with Subject Matter Experts.
  • Recommends and develops measures to ensure compliance with ISO 27001 and other applicable information security standards.
  • Enhances the Information Security Risk Management process and conducts Risk Assessments to implement appropriate mitigation measures.
  • Develops and implements Information Security Auditing across all ZEISS entities and locations in coordination with Regional and Business Information Security Officers.
  • Supports communication regarding the ZEISS Information Security Program across all Business Units and Regions.
  • Leads the development of the ZEISS GRC tool.

The Information Security Manager is part of the InfoSec Certifications and Governance team within Corporate Information Security at Carl Zeiss AG, reporting directly to the Head of Information Security Certifications and Governance. This team is responsible for developing, implementing, and maintaining the ZEISS Information Security Program, aligned with international standards and tailored to meet diverse business and regulatory requirements. Responsibilities include Governance, Risk and Compliance Management, Security Audits, and ISMS operations. The Manager will oversee the evolution and operation of the Information Security Management System, Policy Framework, and Security in Supplier Relationships.

  • University degree in Information Security, Cybersecurity, Computer Science, or a related field, or equivalent experience.
  • At least 7 years of progressive experience in Information Security or related areas such as ISMS, GRC, ISO 27001, or auditing.
  • Deep expertise in designing, implementing, and maintaining ISO/IEC 27001-compliant ISMS, including re-certifications in multinational environments.
  • Proven success in delivering strategic security initiatives aligned with global business and regulatory standards.
  • Strong analytical and problem-solving skills to address complex security challenges.
  • Experience managing Security KPIs, governance frameworks, and executive reporting.
  • Knowledge of international legal and regulatory compliance (e.g., GDPR, NIS2, SOX).
  • Excellent communication and leadership skills to influence stakeholders at all levels.