We are looking for one of our locations throughout Germany as soon as possible:
Senior Security Consultant Information Security and Regulatory (m/f/d)

In this role, you will combine operational responsibility in information security management with consulting expertise in the area of regulatory and compliance-related requirements.
You will take on the function of Information Security Officer (ISM) for selected customers within managed service environments and actively participate in the secure design and management of IT services in the customer context. In doing so, you will coordinate technical, organizational and documentary security requirements in close cooperation with the customer, the service managers and external inspection bodies.
In addition, you will advise customers on the implementation of security-relevant standards and legal requirements, analyze existing security structures and provide holistic support for transformation and compliance projects.

• Implementation of tasks of the IT security officer of a service provider, i.e. responsibility for project-specific security concept developments, risk and protection needs assessments, development of catalogues of measures, tool evaluations and implementation planning
• Establishment, maintenance and further development of ISMS structures according to ISO 27001, BSI IT-Grundschutz, NIST CSF etc.
• Implementation of protection needs assessments, risk analyses, GAP assessments and action planning
• Support of internal and external audits (e.g. B. ISO, BSI, TISAX) as well as follow-up of findings
• Control of technical and organizational measures to ensure information security
• Creation and further development of guidelines, security concepts and reports
• Support in the assessment and handling of security incidents (incident management, CAPA)
• Preparation and participation in audits and security checks
• Definition, creation and review of reports on IT security
• Representing the interests and concerns of the customer internally in order to align customer expectations and service services in the context of information security
• Technical coordination and two-way communication of security services in the context of regular meetings and for the preparation and well-founded discussion of reports
• Responsibility for the provision of services within the framework of complex SLAs in the context of information security as well as technical provision of (managed) security services
• Collaboration in teams from all service delivery resources and external partners of Manage Now in the ongoing operational business to coordinate your own specialist topics
• Recognizing deviations from SLAs and initiating appropriate technical and regulatory measures
• Responsibility for improvement plans in the context of security service provision and information security, their regular review and further development
• Identify and assess service risks, contract risks, and critical escalations
• Proactively examine trends and common issues in the context of information security
• Establishment and compliance as well as optimization of the internal processes of the service provider including the IT governance processes in the context of information security
• Participation in the continuous improvement of service delivery standards in the context of information security
• Active support for the establishment of a portfolio of security consulting services in the area of GRC (governance/risk/comliance) such as security assessments, protection needs analyses, emergency plans and more
• Support of presales projects for security consulting services

• Successfully completed studies in the field of computer science, business informatics, IT security or comparable many years of practical experience in the field of information security and compliance
• Several years of experience in the development and operation of ISMS as well as in consulting on security and compliance issues
• Sound knowledge of relevant standards and regulatory requirements (e.g. B. ISO 27001, BSI baseline protection, NIST, TISAX, GDPR, DORA, NIS2)
• Practical experience in dealing with audits, revisions and certification procedures
• Knowledge of relevant GRC and security tools (Tenable, Verinice, Highscout etc.)
• Relevant certifications are beneficial (e.g. B. ISO 27001 Lead Implementer/Auditor, CISM, CISSP, CISA, data protection certificates)
• Strong analytical skills, structured way of working and convincing appearance
• Very good knowledge of IT security products and processes
• Very good written and spoken German, professional English skills in the subject area
• Willingness to travel on a project-related basis

• Attractive and performance-oriented compensation package
• Flexible working hours and extensive home office regulations
• Flat hierarchies and quick decisions
• Dynamic corporate development under new private equity investor
• Development opportunities in management or expert careers
• Innovative office workplaces and modern IT equipment
• Extensive further education and training opportunities
• Numerous corporate events and perks

Apply now!
If you have any questions, feel free to contact:
karriere@manage-now.de