Information Security Manager (m / f / x)

Jena
EUR 70.000 - 100.000
Job description

Corporate Information Technology (CIT) at the Carl Zeiss Group is a central part of the company's strategy, developing and implementing innovative IT solutions to enhance efficiency and competitiveness. By working closely with various departments, CIT ensures that technological advancements and digital transformations are seamlessly integrated into business processes.

Responsibilities include defining, developing, and reviewing information security policies, procedures, guidelines, forms, and templates in collaboration with Subject Matter Experts.

The role involves recommending and developing measures to ensure compliance with ISO 27001 and other relevant information security standards and frameworks.

Improving the Information Security Risk Management process and conducting risk assessments and analyses to address identified risks.

Further developing and implementing Information Security Auditing across all ZEISS entities and locations in coordination with Regional and Business Information Security Officers.

Supporting communication regarding the ZEISS Information Security Program across all Business Units and Regions.

Driving the development of the ZEISS GRC tool.

The Information Security Manager is part of the InfoSec Certifications and Governance team (CITIC) within Corporate Information Security (CITI) at Carl Zeiss AG, reporting directly to the Head of Information Security Certifications and Governance. This team develops, implements, and maintains the ZEISS Information Security Program, aligned with international standards and considering all business functions and regulatory requirements. Responsibilities include Governance, Risk and Compliance Management, Security Audit Management, and ISMS operations. The role also involves the ongoing development and operation of the ZEISS Information Security Management System, Policy Framework, and Information Security in Supplier Relationships.

Your profile

A university degree in Information Security, Cybersecurity, Computer Science, or a related field, or an equivalent combination of education and substantial hands-on experience.

At least 7 years of progressive experience in Information Security or related areas such as ISMS, GRC, or ISO 27001 auditing.

Deep expertise in designing, implementing, operating, and maintaining ISO/IEC 27001-compliant ISMS, including recertifications in multinational environments.

A proven track record of delivering strategic security initiatives aligned with global business and regulatory requirements.

Strong analytical and problem-solving skills, with the ability to navigate complex security challenges.

Experience managing Information Security KPIs, governance frameworks, and executive reporting.

Solid understanding of compliance across international legal and regulatory landscapes (e.g., GDPR, NIS2, SOX).

Excellent communication and leadership skills, capable of influencing stakeholders across technical, business, and executive levels.

Additional Details

Employment Type: Full-Time

Experience: 7+ years

Vacancy: 1

Location: Jena, Thuringia, Germany