IT Security Specialist

We are looking for a team member with substantial experience in information security and risk governance. Your role will be instrumental in technical organizational decision-making for the Data Space and GHGA projects and will ensure compliance with modern standards for both infrastructures. You will be part of two tightly teams connected spanning cloud engineers, data stewards and interdisciplinary researchers with the joint mission of enabling the secure sharing of sensitive biomedical data for the scientific research community. You will have a diverse set of tasks, shaping the IT infrastructure of the Data Space TRE from the start, while managing the IT security for the operation of the established GHGA Portal and upcoming new functionalities. Your expertise will help ensure the safe operation of the Data Space TRE and GHGA while so contributing to the development of standards in Germany and supporting their role in international efforts. Your responsibilities: Analysis documentation of current operations with respect to IT security, identifying gaps and supporting continuous improvement Implementation and maintenance of a framework for risk and asset management, using modern tools and standards Creation and maintenance of information security management system (ISMS) Implementation and maintenance of a program for security awareness that works across multiple communication channels Regular monitoring of risks through third-party interactors, search as used infrastructures or sub-contractors Provision of information security guidance for IT projects, including the evaluation and recommendation of technical controls Coordination of interaction with external expertise on legal and technical IT security topics

Essential Expertise: Proven experience with core information security frameworks (BSI IT-Grundschutz, ISO 27001) and risk management methodology Hands-on background in developing and implementing risk-mitigation plans, policies, processes, and technical controls Solid understanding of GDPR compliance requirements and IT infrastructure fundamentals (e.g., networking, server roles, system architecture) Fluency in German and English to articulate technical requirements and cooperation with crossfunctional teams and external partners Demonstrated project management skills, with the ability to work independently, solve problems creatively, and drive initiatives to completion Advantageous Qualifications: Knowledge of cloud security guardrails in multi-account environments (e.g., IAM, SCP, centralized logging, encryption, network isolation) CISSP certification or equivalent advanced security credential

Excellent framework conditions: state-of-the-art equipment and opportunities for international networking at the highest level 30 days of vacation per year Flexible working hours Remuneration according to TV-L incl. occupational pension plan and capital-forming payments Possibility of mobile work and part-time work Family-friendly working environment Sustainable travel to work: subsidized Germany job ticket Unleash your full potential: targeted offers for your personal development to further develop your talents Our Corporate Health Management Program offers a holistic approach to your well-being