About the role

Information Security Manager at NVISO enhancing clients' cybersecurity posture through strategic management and consulting. Collaborating closely with clients and leading a team of CISOaaS/GRC consultants.

Responsibilities

Lead and manage a team of CISOaaS/GRC consultants to deliver high-quality services to clients
Collaborate closely with clients to understand their business objectives, risks, and specific security requirements
Assess clients' security maturity (using ISO, BSI or NIST standards) to identify gaps and areas for improvement
Develop and implement a fit-for-purpose security program aligned with industry standards
Act as the security champion for client engagements, promoting a security-first mindset
Conduct risk assessments, identify potential vulnerabilities, and recommend risk mitigation strategies
Oversee and support implementation of the security program, including policies, procedures, and controls
Provide management updates on the overall ‘state of security’ for client organizations
Convene steering committees with relevant stakeholders to guide and adapt the security program as needed
Actively participate in the sales process by drafting and presenting Statements of Work, project plans, and project requirements for work carried out by your team
Perform technical account management duties for select top-tier, strategic clients

Eligible for NATO clearance
Bachelor’s degree in Business Administration, Information Security, or a related field
Professional certifications such as CISA, CISSP, CISM, ISO 27001 Implementer/Auditor or equivalent are strongly preferred
Proven experience as a CISO and/or in successfully implementing ISO 27000 series or BSI IT-Grundschutz for clients
In-depth knowledge of relevant industry standards and frameworks, such as ISO 27001, DORA, NIST, NIS-2, GDPR, etc.
Familiarity with risk management methodologies and their application to cybersecurity
Excellent written and verbal communication skills in English and German to convey complex concepts to technical and non-technical stakeholders
Strong leadership skills with experience managing teams and collaborating with clients and cross-functional teams

Training budget of €10,000 plus 10 days of paid development leave (rolling over two years)
Work with and learn from leading experts in the European cyber security community
Several SANS instructors on staff and representation at major security conferences (Black Hat, BruCON, OWASP, etc.)
Prestigious continuing education opportunities (GSE, GXPN, CISSP, OSCP, etc.)
A forward-thinking, agile company that supports creation and implementation of new initiatives
Unique team events (e.g. Lisbon, Dubai, Malta, Lapland)
Comprehensive coaching program starting on day one
30 days of vacation
Flexible working hours and home-office options (including Working Abroad option within the EU)
Cost coverage for Deutschlandticket and BahnCard 50
Company bicycle leasing
Company pension scheme
Modern offices in the heart of Frankfurt and Munich (roof terrace, table tennis, gaming console, BBQ)