Information Security Officer (ISO) (m/f/d)

WE MAKE IT WORK. With about 170 employees, Scherr+Klimke AG is one of the leading general planning offices in southern Germany. We plan and manage demanding projects in the fields of construction and engineering and offer comprehensive overall planning with all relevant technical disciplines under one roof. You shape and secure information security in our company. As an ISB, you are responsible for protecting our data, systems and processes – from strategy to implementation.

You will be prudent and develop our Information Security Management System (ISMS) – including guidelines, processes and documentation. You coordinate security incidents, from root analysis to escalation to notification (e.g. according to GDPR). You design and implement security training for employees and executives. You accompany internal and external audits (e.g. ISO 27001) and prepare for certifications. You evaluate and monitor service providers and check security requirements in contracts. You are advising on technical security measures (TOM) such as logging, monitoring or encryption. You'll start security reports and KPIs for the management. You carry out risk and protection needs analyses and take action from them. You will participate in the Business Continuity and Disaster Recovery planning and coordinate tests and exercises. You advise specialist areas and IT on all information security issues.

Qualifications You have a degree in Computer Science, IT Security, Information Management, Cybersecurity, Data Protection & IT Compliance, Embedded Systems Security, Business Informatics or IT Security – or a comparable training/further education. You bring multi-year professional experience in information security, IT security or risk management. For documentation and internal communication, you need good German knowledge in word and writing. Knowledge You know common standards and frameworks such as ISO 27001, BSI IT basic protection or NIST and apply them safely. You have experience in operating and/or building an ISMS (information security management system) You are familiar with the relevant legal and regulatory requirements, from GDPR to NIS2 to KRITIS. You are familiar with audit processes and work with internal and external auditors. Personal competencies You think analytic and structured and keep an overview. You take responsibility and always trade with integrity. You communicate clearly and convincingly – you also understand complex topics. You implement security measures, with enforcing and safe occurrence. You treat proactively and solution-oriented and take responsibility for tasks. Your certifications (of advantage) ISO 27001 (Lead Implementer/Auditor) BSI IT-Grundschutz CISSP, CISM or comparable certifications

a modern working and office atmosphere as a place of exchange, creativity and meeting where networking is actively supported by sports and leisure activities in the team, seasonal corporate events and virtual coffee breaks where you are part of a professional team in which interdisciplinary cooperation is lived, and you look beyond the edge of the plate every day to help you with a sponsor as a starter for structured and collegial integration and to help you quickly find yourself right in the Scherr+Klimke world where you have the opportunity to develop with us and to introduce ideas, because decision takes place at eye level and the paths are short for us where the needs of the different life models and situations are well compatible with the job, thanks to our very flexible working time/time/time regulation You have a modern workplace with all-round ergonomic equipment, the latest software in a central location with good transport connections for bike, public transport, car parks and surrounding catering facilities with fair remuneration and attractive additional services and above average number of holiday days a collegial and esteemed corporate culture that was awarded as GREAT PLACE TO WORK