Information Security Officer (m/f/d)

NOVENTI is the leading provider of billing, software, financial services and digital platforms in the European healthcare market. The offer is aimed at all health care providers such as pharmacies, physiotherapists, ergotherapists, medical hospitals, and doctor's practices. We accompany our customers in digital transformation processes such as eRezept, offer hybrid solutions and connect both the service providers in the healthcare market and the people with each other. Founded 125 years ago, the company headquartered in Munich now comprises over 1,600 employees. Information Security Officer (m/w/d) Munich, up to 50% mobile work possible We are looking for an Information Security Officer (m/w/d) to strengthen our team. In this responsible position, you actively shape the further development of our Information Security Management System (ISMS) and take over the representation of the Chief Information Security Officer (CISO).

You are responsible for the further development and continuous monitoring of our Information Security Management System (ISMS) and ensure compliance with regulatory requirements, in particular in the context of ISO 27001:2022, DORA and NIS2. As a representative of the Chief Information Security Officer (CISO), you support both strategically and operatively in all information security issues and represent the function as needed. The care and further development of policies, standards, processes and control measures in the area of information security is your responsibility. You carry out independent security assessments, protection needs analyses, risk analyses and gap analyses and conduct appropriate measures. Identified non-conformities evaluate you structured and ensure their sustainable improvement. In addition, you monitor the implementation of defined information security requirements in specialist areas, projects and external service providers. You control the provider and third party management from information security perspective and evaluate security requirements of external partners. You initiate and accompany internal and external audits (e.g. ISO-27001 certifications or regulatory audits) and ideally bring experience from at least one fully executed ISMS cycle. A further focus is on reporting as well as the creation of regular reporting and KPI-based evaluations for management and relevant stakeholders. In addition, you will contribute to cross-disciplinary projects of information security and bring your expertise into strategic and operational projects.

You ideally have completed studies, for example in the field of computer science, IT security, economic informatics or comparable qualifications. At least three to five years of professional experience in the field of information security will bring you with you. You have already actively controlled an ISMS and ideally contributed to certifications and internal audits. Knowledge of regulatory requirements such as DORA or NIS2 are available. Experience in a regulated environment is advantageous. You have practical experience in risk management, in the implementation of protective needs and gap analyses, as well as in the creation of address-oriented management reports. Knowledge in provider and third party management completes your professional profile. A technical background is desirable. We require a strong technical understanding of IT architectures, security controls and infrastructure. Ideally, you also have personal certificates in the area of information security. Very good German knowledge of word and writing as well as English knowledge of at least C1 level are required. You work analytically, structured and solution-oriented, have enforcement capacity and also prepare complex technical issues in a comprehensible and targeted manner. Communication strength, sense of responsibility and an independent way of working complete your profile.

Pensions Concepts specifically tailored to our industry and attractive grants Belonio vouchers Monthly credit of up to 50€ for well-known coupon partners Customs Day An individually planned customs day as an additional free day Germany ticket NOVENTI grants the German ticket with 25€ EGYM WELLPASS Beneficiary membership for exercise, compensation and health Company bicycle Bicycle leasing of a high-quality (e-)bike with control advantage Company discount Benefit from attractive employee discount programs HASI-day To enjoy the holidays in full, on Christmas Eve and New Year's Eve is free Education 15 days per year mobile work abroad We stand for the following values: Collaboration: We work together and find solutions to achieve our corporate goals. Innovation: We look beyond the edge of the plate, create creative spaces and have the courage to try something new. Transparency: We communicate clearly and openly and let words always follow actions. Customer focus: We act in all areas and at all levels service-oriented, for the benefit of our customers. Dynamics: We act proactively and live understandable processes. Entrepreneurship: We take responsibility at all levels and make economic decisions with the aim of strengthening the NOVENTI Group. Estimate: We have confidence in each other, are respectful and give constructive feedback. .