• Maintain and enhance our ISO 27001:2022 ISMS and policy framework
• Oversee and maintain compliance with DORA provisions concerning ICT risk governance and third-party risk oversight
• Run risk analyses in line with regulations, best practices, Three-Lines-of-Defence model

Engineering & Operations (First-Line Enablement)

• Security-by-Design Reviews: Advise product teams on secure architecture, zero-trust networking and segregation of duties
• Control Lifecycle: Define, monitor and improve technical controls (vulnerability management, hardening baselines, privileged access) together with Development, Infrastructure, and SecOps teams
• Tooling Strategy: Manage and optimise threat intelligence, security event monitoring, intrusion detection, deception, and related platforms to maintain effective coverage, efficiency, and automation

• Manage the NIST-aligned lifecycle (prepare, detect, contain, eradicate, recover, lessons learned)
• Use threat intelligence, vulnerability reports, and similar news sources to assess changes in landscape, threats, and best practices, and provide thoughtful, innovative, and practical guidance to improve our processes and systems
• Coordinate regular cybersecurity exercises to test security controls, incident response processes, and operational resilience, driving continuous improvement

• University degree in computer science or a comparable education
• 3+ years of experience in the IT security domain. Certifications are a plus (CISSP, CRISC, CISM, ISO27001 Lead Implementer or Auditor)
• Working knowledge in implementing and maintaining security certifications (eg ISAE3402, SOC1, SOC2, ISO2700x etc) and maintaining compliance to international security standards
• Experience in the development of practical security processes, policies and standards and management of information security issues and incidents
• Track record of taking responsibility, working independently and without much supervision
• Highly motivated to learn about new topics, technologies, and business cases
• Proficient in spoken and written English is mandatory. German language skills are a plus

• Established and certified security organization and culture, stable and growing multinational company
• Regular performance appraisals, close interaction with all business functions and management
• Growth, development, and learning opportunities, including our internal „360T Academy“
• Offices located directly in the city center
• Multinational and multicultural environment, social gatherings and activities