Information Security Officer (GRC) (m/f/d)

We are seeking an Information Security Officer to join our small but highly skilled security team. This role is a perfect fit for someone who wants to work at the intersection of compliance and technology—contributing to meaningful security processes while also getting hands-on with operational IT security tasks. You will work closely with the CISO and Head-of-IT and be directly involved in shaping and operating our security and compliance framework.

We welcome junior candidates who are motivated to grow into the role, as well as more experienced professionals who want to take on responsibility in a lean, impactful team.

• Project Management: You manage and support security and compliance projects, ensuring timely delivery and alignment with business needs. You support risk management initiatives and contribute to process design for continuous improvement of the GRC framework.
• IT Security Measures & Processes: You design, operate, and improve IT security and compliance processes, including change management, SIEM analysis, and access reviews. You contribute to internal audits and process reviews to identify improvements and strengthen compliance.
• Compliance & Certifications: You serve as the first point of contact for internal compliance processes and related questions. You participate in external audits and present security and compliance processes to auditors. You execute software license audits to verify compliant usage of software libraries and tools.

• IT Project Experience: You have experience managing or contributing to IT/security projects, ideally in hybrid roles that combine compliance and technical aspects.
• IT Security & Certifications: You bring some knowledge of IT security and compliance processes (e.g., ISO 27001, PCI DSS, or similar frameworks). Certifications such as CISSP, CISM, or ISO 27001 Implementer/Auditor are a plus, but not required.
• Compliance Knowledge: You understand governance, risk, and compliance concepts and are motivated to work in a hybrid role between compliance and technical security. You have a strong sense of ownership and are eager to learn and improve.
• Innovation: You are proactive, curious, and ready to drive improvements in processes, tools, and frameworks. You enjoy working in a small, dynamic team and reporting directly to the CISO.
• Communication Skills: You can communicate security topics clearly to both auditors and internal stakeholders. You are proficient in English and German, both spoken and written.

• Your benefits : In addition to 30 days of vacation, we also offer you ajob lunch allowance (€69 per month), a“ Givve ” card(topped up with €50 per month), discounts via “ Corporate Benefits”, the option of leasing aJobRad, pension contributions (occupational pension & VL) and great teamand company events.
• Your workplace : You will work in a flexible, hybrid model from one of ourdog-friendly and modern offices and will have the opportunity to do “ work from abroad ” within the EU for 2 weeks a year(*only applies to employees with an EU passport)
• Your footprint: A position in a profitable company where you have the freedom and confidence to help shape it and work with us on the “ future of work ” .
• The values : We score highly with an open, authentic cultureand ahigh- performingand humorous team that is already looking forward to making bold decisions with you andbreaking new ground that will lead us to sustainable success .
• Your opportunity : From day one, you will have the opportunity to take onresponsibility, drive innovationanddevelop the company andyourself together with ateam of experts.