Information Security Governance and Risk Specialist

Your role at ZEISS Digital Partners

As an Information Security Governance & Risk Expert, you will be instrumental in shaping the future of our security strategy within a cloud-centric digital environment. Your role involves designing and standardizing security frameworks that align with internal requirements and international standards like NIS2 and ISO 27001. You will collaborate with the Business Information Security Officer (BISO) to establish foundational structures and policies, and lead global projects related to security auditing and policy implementation.

• Design and establish standardized security strategy frameworks within a dynamic, cloud-centric digital department.
• Support the Business Information Security Officer (BISO) in creating foundational structures, policies, and risk management processes.
• Align security strategies with internal requirements, NIS2, and ISO 27001 standards.
• Deliver projects related to ISO 27001, information security auditing, and framework policy implementation at a global level.
• Work hands‑on between governance and operational areas to serve as a translator.
• Build information security structures and processes that meet regulatory requirements and raise overall information security awareness.
• Work independently and in a structured manner to solve complex tasks and problems.
• Apply analytical thinking and innovative solutions to enhance security governance.
• Communicate effectively and collaborate within a team.

• University degree in business informatics, engineering, or natural sciences.
• Education or vocational training in information security (Bachelor or Master) or equivalent combination of education and professional experience.
• Minimum 3‑5 years of professional experience in IT or information security management, ISO 27001, information security metrics, or incident management.
• Ideally possess IT security certifications or trainings (e.g., CISA, CISM, ISO 27001 Lead Implementer, TÜV IT Security Manager/Auditor, etc.).
• Proven experience in delivering projects related to ISO 27001 and information security auditing.
• Knowledge of building information security structures and processes aligned with NIS2 / ISO 27001.
• Strong analytical personality with innovative problem‑solving skills.
• Practical knowledge of project management.
• Excellent communication skills and ability to work in a team.
• Business fluent in English; other languages are an advantage.

• Modern technology stack - with room for you to try things out in a high‑tech group.
• 40‑60% hybrid work option.
• Annual flexible benefits (cafeteria, private health plans, annual bonus).
• Ability to directly deliver software into real, innovative products.
• Global exposure [needs to be worked on]
• Excellent teammates and a lead to support your development from day one onward.

Your ZEISS Recruiting Team:
Wenner Lili