Group CISO (m/f/d)

HAPEKO is the first address for professionals and managers in Germany. The focus of the activity is the creation of links between specialists and executives with a professional desire for change and suitable companies. HAPEKO (www.hapeko.de) is represented throughout Germany with more than 20 locations. Our client is an expanding, owner-managed company that has been synonymous with quality, sustainability and innovation for decades. As part of the further strategic orientation of IT security, we are looking for an experienced leader as Group Chief Information Security Officer (CISO) (m/w/d). In this key role, you are responsible for the group-wide information security, developing them strategically and ensuring a sustainable level of security through an ISMS according to ISO 27001, clear standards as well as audits and risk management. You act as a central contact for IT security and work closely with management and external bodies. You have several years of experience in IT security – ideally in a senior role – as well as sound knowledge of modern security standards and IT infrastructures. Knowledge of NIS2 and ISO-27001 certifications are required. Experience in the environment of critical infrastructures (KRITIS) is desirable and advantageous. Do you want to actively shape the security strategy? Then we look forward to your contact.

Performance of Group Chief Information Security Officer Control and development of a Security Operations Center (SOC) Definition, implementation and continuous optimization of safety standards and guidelines Establishment, introduction and maintenance of an information security management system (ISMS) according to ISO 27001 Ensuring the appropriate level of protection of the entire organization including Selection of appropriate technologies and measures Planning and implementation of internal and external audits and risk management initiation and monitoring of penetration tests and certification processes Central contact for all departments in questions of IT security Communication with relevant authorities and institutions

Complete study of computer science, economic informatics or comparable qualifications Multiannual relevant professional experience in IT security, ideally in a leading function Deep knowledge of current safety standards, regulatory requirements and best practices Very good knowledge of IT infrastructures, networks, databases and (web) applications Experience in audits, risk management and security organisations English language skills Especially important is our experience in the following areas: • Implementation of regulatory requirements in the context of NIS2 • Introduction and certification according to ISO 27001 • Experience in the KRITIS environment is desirable, but no condition

A responsible key role with direct reporting line to management High design freedom and relevance as part of the strategic corporate orientation in a working environment with a mix of high dynamics, flexibility, ownership and teamwork Attractive compensation package as well as a modern and value-assuring working environment with comprehensive benefits (cars, promoted retirement, service leasing, employee rebates, remote work, individual training and development opportunities etc.) Long-term perspective in a company with short decision paths and flat hierarchies