Project Information Security Officer

NAXCON GmbH, located in the heart of Freiburg, is at the forefront of the German IT and engineering industry. Our experts have extensive knowledge in software and hardware development, state‑of‑the‑art electronics, and future‑oriented technologies such as artificial intelligence and virtual reality. We are not only dedicated to project work for our customers, but also intensively pursue in‑house innovation projects as well as research & development. Renowned companies from a wide range of German industries place their trust in us – demonstrating the outstanding expertise and commitment of our engineers.

Project Information Security Officer

Bonn, Germany

Full‑time/%80 Remote

The Project Information Security Officer (PISO) is responsible for ensuring that all information security requirements within a large‑scale SAP S/4HANA transformation program are implemented, monitored, and continuously improved. The role acts as the central point of contact for project‑related information security, ensuring compliance with international standards, internal policies, and regulatory requirements.

• Implement and oversee security controls aligned with ISO 27001.
• Ensure compliance with internal security policies, procedures, and standards across all project activities.
• Maintain and update the overarching security concept for SAP S/4HANA, including hybrid and cloud‑based (RISE) environments.

• Identify, evaluate, and report security risks within SAP modules (e.g., HR, Core, PPM, ChaRM, patch management, custom extensions).
• Conduct functional and gap analyses to assess compliance with legal, regulatory, and technical requirements.
• Align project security requirements with enterprise security initiatives and the ISO27001 program.

• Support secure configuration, authorization concepts, segregation of duties (SoD), and overall SAP security design.
• Evaluate and recommend protective technologies and countermeasures for safeguarding information assets.

• Ensure proper administrative, physical, and technical safeguards against internal and external threats.
• Prepare security reports, dashboards, and compliance documentation.
• Support the rollout of new SAP cloud‑based modules (incl. HCM for HANA) from a security perspective.

• Serve as the security competence center for the project, providing guidance to all teams involved.
• Act as the primary contact for security‑related responsibilities, questions, and escalations.

• Extensive hands‑on experience as a Project Information Security Officer or similar role in large SAP programs ( > 50 team members).
• Proven track record of at least 500 person‑days of direct experience in SAP security within the last 5 years.
• In‑depth expertise in SAP security audits, best practices (e.g., DSAG guidance, BSI), and secure system configuration.
• Experience creating security concepts and policies for SAP S/4HANA landscapes.
• Knowledge of SAP Secure Login, SNC, and secure system hardening.

• German: C2 (or native level)
• English: B2

• Degree in Computer Science, Information Security, IT, or equivalent vocational IT training OR
• At least 6 years of IT professional experience

• Proficiency with MS Office
• Experience with SAP security tools and audit frameworks

• Strong communication and presentation skills
• High reliability and organisational discipline
• Ability to explain complex issues clearly and consistently
• Professional conduct and conflict‑resolution capability
• Strong teamwork and collaboration mindset

• • Join a cosmopolitan and internationally mixed team: We welcome individuals from all backgrounds and cultures to contribute their unique perspectives and talents to our team.
• • Polish your German language skills: If you are looking to improve your German language skills, we offer a supportive environment where you can practice and develop your language abilities: whether you are a beginner or an advanced speaker.
• • Benefit from a fixed contact person from the company: We understand the importance of having a reliable point of contact within the company. That's why we assign a dedicated contact person who will provide guidance and support throughout your employment with us.
• • Professional growth and development: With us, our engineers can immerse themselves in new industries or projects after just 1‑2 years and actively transfer knowledge.
• • Enjoy regular team events with the company: We believe in the power of team building and fostering positive relationships within the workplace. That's why we organize regular team events to promote collaboration and strengthen our team bonds.
• • Competitive compensation package: At NAXCON, we believe that our engineers are our greatest asset. That's why we offer a comprehensive and competitive compensation package that includes a salary commensurate with experience and expertise.