Information Security Officer responsible for managing ISMS and ensuring security measures at aedifion. Focused on integrating security into processes and conducting audits for compliance.
Responsibilities
ISMS operation & continuous improvement: Take sole responsibility for operating our ISO 27001-certified ISMS and drive its ongoing development through targeted process optimization.
Tool integration & automation: Select appropriate ISMS tools based on hands-on experience, implement them independently, and raise the level of automation by integrating them into existing IT infrastructures.
Security controls implementation: Independently implement technical and organizational security measures in close collaboration with IT, HR, Engineering and Finance, and seamlessly integrate them into business processes.
Audit & review management: Independently conduct internal, external and customer audits as well as management reviews, ensure successful recertifications and professionally guide customers through audit processes.
Awareness & training: Design and implement effective awareness and training programs that embed security awareness into the corporate culture long-term and drive measurable behavioral change.
Effectiveness monitoring & reporting: Monitor ISMS effectiveness through systematic analysis and meaningful KPIs, and produce compelling reports for management, employees and customers.
ISMS scaling: Flexibly adapt the ISMS to company growth and new regulatory requirements, ensuring sustainable scalability through intelligent architecture.
Requirements
Practical implementation experience: Extensive experience in independently establishing, operating and continuously improving ISMS in corporate environments, with proven success across multiple full implementation or optimization cycles.
Specific tool expertise: Deep hands-on experience with common ISMS tools from real-world corporate deployments, including independent selection, implementation and integration into existing IT landscapes.
ISO 27001 expertise: In-depth knowledge of ISO 27001 requirements with proven experience in successfully conducting initial and recertification audits as well as customer audits.
Certifications: ISO 27001 Lead Implementer or Lead Auditor, ideally complemented by CISSP, CISM or comparable certifications that substantiate your practical expertise.
Technical understanding: Solid IT knowledge and system administration skills to independently evaluate, implement and integrate technical security measures in cloud and on-premises environments.
Languages: Business-fluent written and spoken English for professional audits, precise documentation and international collaboration.
Benefits
Remote work: Structure your workday to suit your needs—with flexible hours, short core hours and the freedom to work from our modern Cologne office, remotely from anywhere in Germany, or up to 10 days per year from other European countries.
Long-term prospects: After the probationary period, we offer a permanent employment contract.
Well-being package: 30 days of annual leave, fresh organic fruit, regional coffee, free drinks and a monthly team breakfast to keep you energized.
Professional development: We support you with tailored training opportunities to advance your career.
Tech stack: You will receive modern work equipment of your choice—Microsoft or Apple—as well as high-quality noise-cancelling headphones for focused work.
Mobility package: Stay mobile with a choice of the Deutschlandticket (Germany public transport pass) or a JobRad bike, for commuting or private use.
Pension benefits: Contributions to capital-forming benefits (VWL) or company pension schemes (bAV).
#teamaedifion: Regular team events, collaborative work on an equal footing, active knowledge sharing and flat hierarchies foster strong teamwork and open communication.
Dog-friendly office: Bring your dog to work; we welcome the animal support.