SIGNAL IDUNA Gruppe | Germany | 44xxx Dortmund | Permanent position | Full time / Home office | Published since: 27.01.2026 on stepstone.de
Chief Information Security Officer (CISO) - Governance & Privacy (m/f/d)
We are changing the insurance world and are looking for you to help shape the future. As one of the largest German insurers and financial service providers, with headquarters in Hamburg and Dortmund, we have fundamentally transformed ourselves in recent years. Our modern and agile working world, in which we work in a customer-centred manner, is characterised by openness and courage. We attach great importance to mutual appreciation and trust. We welcome diversity in all its facets and believe that different perspectives and experiences are crucial for innovation. Become part of our team, contribute your ideas and change the now with us.
Your tasks • Your profile • What we offer
As Chief Information Security Officer (CISO), you are responsible for the 2nd line governance of information security and data protection for the entire SIGNAL IDUNA Group as part of the "Three Lines of Defence" model. You report directly to the Chairman of the Board of Management and, in a secondary reporting line ("dotted line"), to the IT Board member. In this function, you act as a strategic partner of the Executive Board and at the same time as an independent supervisory authority with policy-setting competence. You ensure that the 1st Line effectively implements the security requirements, steer the risk reporting to the Executive Board and consistently align the security strategy with the company's goals and regulatory requirements such as DORA and GDPR.

Your responsibilities

Strategic control of information security
Overall responsibility for the further development of the information security strategy and the associated target architecture
Assessment of the existing security architecture, identification of structural weaknesses and steering of sustainable improvement measures
Derivation of medium- and long-term initiatives taking into account technological developments (e.g. cloud transformation)
Information Security Management & Second Line Governance
You are responsible for the ISMS (e.g. according to ISO 27001) and for company-wide information security risk management
You define security standards, policies and governance structures for the 1st Line and establish transparent reporting and escalation mechanisms

Data Protection Security & Data Protection Governance (2nd Line)
Responsibility for data protection security governance in the second line and definition of TOM standards (technical and organisational measures) according to Art. 32 GDPR in close coordination with the data protection officer
You establish evaluation frameworks (e.g. for data breaches) and ensure the integration of data protection requirements into the ISMS

Governance, Risk & Compliance
You steer the implementation of regulatory requirements such as DORA, VAIT and GDPR
Close integration into company-wide risk and control bodies, and preparation and support of internal and external audits

Incident Governance & Cyber Resilience
Overall responsibility for incident response and cyber resilience governance
Ensuring clear processes for detecting, assessing, escalating and following up on security incidents and, where necessary, steering internal and external specialists

Leadership & Stakeholder Management
You lead, develop and manage an interdisciplinary security team of around 20 specialists
You act as a central advisor to the Executive Board and work closely with IT, data protection, legal, compliance and the business departments
Your profile

You have a degree in computer science, IT security or a comparable qualification
You bring well-founded leadership experience in information security, ideally as CISO in a highly regulated environment
You have proven experience in building and strategically managing security organisations
You convince through conflict resolution skills and strong communication up to board level, and you master strategic stakeholder and change management
You possess broad technical expertise in information security (e.g. cloud security, IAM) and combine it with strategic, risk-oriented thinking
You are very familiar with relevant regulations such as GDPR, DORA and ideally KRITIS
You communicate confidently in German and English
Certifications (required): CISSP, CISM; ISO 27001 Lead Implementer / Auditor; CIPP/E or a comparable data protection certification
Certifications such as PECB Chief Information Security Officer (CISO), Certified Ethical Hacker (CEH) or CompTIA Security+ are advantageous
What we offer

A key executive role with a direct management mandate and high visibility awaits you
You will get the design scope and decision-making power to develop the information security and resilience organisation
You lead a motivated and committed security team
We actively promote and support your personal and professional development
You will find a modern working environment in which information security has high strategic relevance
You work with state-of-the-art tools and technologies as well as strategic partners from research and consulting
Location: SIGNAL IDUNA Gruppe, 44139 Dortmund, Germany