Information Security Officer; m​/f​/d

The Role:

What to expect

Role Requirements:

What you need to succeed

• Bachelor’s degree in Information Technology, Computer Science, or a related field.
• 4 – 6 years work experience in information security, compliance, or IT governance.
• Hands‑on experience with ISO 27001 implementation and audits.
• Ideally, you have experience in TISAX requirements and automotive security standards.
• Strong understanding of risk management, threat modelling, and vulnerability management.
• Experience with penetration testing tools and methodologies.
• Knowledge of infrastructure hardening and application security best practices.
• Deep understanding of regulatory frameworks and audit processes.
• Experience maintaining compliance documentation and evidence.
• Excellent problem‑solving and analytical skills.
• Strong verbal and written communication skills in English, German is a plus.
• Ability to work in a highly agile, fast‑paced environment.

• At idealworks, you will find an international working environment and become part of an experienced, open team where mutual trust counts. You will feel at home from the very first second!
• Experience a first‑hand start‑up feeling and flat hierarchies with varied and responsible tasks that you work on independently.
• Look forward to hybrid working model with 30 vacation days per year and various opportunities to balance your free time, family and job.
• For your commitment to helping us achieve our mission, you will not only be rewarded with appreciation, but also with above‑average pay including a bonus scheme and an annual personal development budget.
• We offer exciting corporate benefits, an attractive company pension scheme and regular team events.
• Our modern office is easily accessible by public transport, bike and car and offers numerous catering options for relaxed lunch breaks with your team.
• Driven by our unique corporate culture, the five values “passion for results”, “wellbeing”, “personal growth”, “trust” and “being and acting as one team” determine our daily actions and cooperation.

• Implement and maintain
  
  ISO 27001andTISAXcertifications.
• Own all compliance‑related activities, including but not limited to:
  • Internal and external audit preparation and coordination.
  • Maintaining the Statement of Applicability (SoA) and evidence for controls.
  • Ensuring adherence to regulatory and contractual security requirements.
• Develop and maintain compliance documentation, policies, and procedures.

• Lead security incident response and ensure proper documentation.
• Conduct root cause analysis and follow‑up on corrective actions.
• Own the end‑to‑end BCP process, including but not limited to:
  • Maintain BCP documentation and ensure readiness through periodic BCP drills and readiness assessments.
  • Launch BCP in case of major incidents or disruptions.
  • Coordinate communication with stakeholders during BCP activation.

• Identify, assess, prioritize, and track security risks.
• Monitor timely execution of mitigation plans.
• Perform and review threat modelling for critical systems and processes.

• Overseedata classificationand define retention periods.
• Support infrastructure hardening and application security initiatives.
• Maintain and enhance the security playbook AI model for incident response.

• Plan and coordinate penetration testing and vulnerability assessments.
• Prioritize and follow up on mitigation of PEN test findings.

• Act as a security and compliance subject matter expert for customer‑facing teams.
• Respond to security questionnaires and RFPs.