A leading company in the field of optical and optoelectronic technology is seeking an Information Security Manager. This role involves developing and implementing IT solutions to enhance security and compliance across all ZEISS entities. The ideal candidate will have extensive experience in Information Security, particularly with ISO 27001 standards, and will be responsible for managing security initiatives and risk assessments. Strong analytical and leadership skills are essential for influencing stakeholders and ensuring compliance with regulatory requirements.
Corporate Information Technology (CIT) at the Carl Zeiss Group is a central part of the company’s strategy, developing and implementing innovative IT solutions to enhance efficiency and competitiveness. By working closely with various departments, CIT ensures that technological advancements and digital transformations are seamlessly integrated into business processes.
Defines, develops, and reviews information security policies, procedures, guidelines, forms, and templates in collaboration with Subject Matter Experts.
Recommends and develops measures to ensure compliance with ISO 27001 and other applicable information security standards and frameworks.
Enhances the Information Security Risk Management process and conducts Risk Assessments to ensure appropriate measures are taken to mitigate identified risks.
Develops and implements Information Security Auditing across all ZEISS entities and locations in coordination with Regional and Business Information Security Officers.
Supports communication regarding the ZEISS Information Security Program across all Business Units and Regions.
Leads further development of the ZEISS GRC tool.
The Information Security Manager is a member of the InfoSec Certifications and Governance team (CIT-IC) within Corporate Information Security (CIT-I) at Carl Zeiss AG, reporting directly to the Head of Information Security Certifications and Governance. This team develops, implements, and maintains the ZEISS Information Security Program, aligned with international standards and considering all business and regulatory requirements. Responsibilities include Governance, Risk and Compliance Management, Information Security Audit Management, and ISMS operations. The role involves further development and management of the ZEISS Information Security Management System, Policy Framework, and Security in Supplier Relationships.
Your profile
University degree in Information Security, Cybersecurity, Computer Science, or related field, or equivalent experience.
At least 7 years of progressive experience in Information Security or related areas such as ISMS, GRC, ISO 27001, and auditing.
Extensive experience in designing, implementing, and maintaining ISO/IEC 27001-compliant ISMS, including re-certifications in multinational environments.
Proven success in executing strategic security initiatives aligned with global business and regulatory standards.
Strong analytical, problem-solving, and stakeholder management skills.
Experience managing Security KPIs, governance frameworks, and executive reporting.
Solid understanding of legal and regulatory compliance, including GDPR, NIS2, and SOX.
Excellent communication and leadership skills, capable of influencing stakeholders at all levels.
Your ZEISS Recruiting Team:
Elhan Kolic