devjobs.de
IT Compliance & Information Security Manager
Onventis Gmbh · Stuttgart | Deutschland · Hybrid, Onsite
Gehalt auf Anfrage
Gefunden am 05.06.2026
Beschreibung
Job Zusammenfassung In dieser Rolle entwickelst du das ISMS weiter, koordinierst Audits und dokumentierst Compliance-Maßnahmen, um sicherzustellen, dass alle regulatorischen Anforderungen effektiv umgesetzt werden. Job Zusammenfassung In dieser Rolle entwickelst du das ISMS weiter, koordinierst Audits und dokumentierst Compliance-Maßnahmen, um sicherzustellen, dass alle regulatorischen Anforderungen effektiv umgesetzt werden. Deine Rolle im Team As IT Compliance & Information Security Manager, you play a key role in ensuring trust, compliance, and operational resilience across our organization. You will ensure that the company systematically meets its internal and external requirements for information security, IT compliance, and regulatory resilience. In doing so, you will further develop the ISMS, coordinate documentation and audits, and translate requirements from ISO 27001, NIS2, DORA, SOC/audit requirements such as ISAE 3402, and relevant AI governance guidelines into practical processes for a modern SaaS business model. You will be responsible for managing and continuously developing our Information Security Management System (ISMS) and extending it into an integrated management framework that meets regulatory, legal, and customer requirements. You will operate and further develop the Information Security Management System (ISMS) based on ISO/IEC 27001 and ensure robust policies, standards, controls, and evidence. You will analyze new regulatory requirements and translate them into concrete measures, roadmaps, and internal control mechanisms, particularly in the context of NIS2, DORA, data protection, IT governance, and AI-related requirements. You will coordinate internal and external audits, certifications, and customer reviews, prepare supporting documentation, and serve as the primary point of contact for auditors, customers, business units, and management. You will conduct risk analyses, assess control gaps, and track measures through to sustainable implementation in collaboration with Engineering, Cloud Operations, Legal, Data Protection, and Product teams. You will maintain and improve the IT-related internal control system, including documentation, effectiveness checks, exception handling, and management reporting. You will evaluate service providers, cloud providers, and security-related solutions with regard to compliance, risk, and security requirements throughout their entire lifecycle. You will plan and coordinate awareness, training, and communication initiatives to ensure that regulatory and security-related requirements are effectively embedded within the company. You will support the structured classification of AI use cases and AI systems within the company and ensure that usage, documentation, control, and monitoring obligations under the EU AI Act are appropriately addressed. Unsere Erwartungen an dich Ausbildung A structured, well-documented, and implementation-oriented approach to work with a high degree of personal responsibility. Qualifikationen Ability to translate regulatory requirements into pragmatic processes, controls, and product/operational measures for a SaaS model. Strong communication skills in German and English to collaborate effectively with Engineering, IT, Legal, Data Protection, Customer Success, Sales, and Management. Certifications such as ISO 27001 Lead Implementer or Lead Auditor, CISM, CISSP, or comparable qualifications are desirable. Erfahrung We are looking for someone who brings several years of professional experience in information security, IT compliance, IT risk management, IT audit, or GRC in a technology-driven environment. Practical experience with ISMS according to ISO/IEC 27001, as well as a good understanding of regulatory requirements such as DORA, NIS2, GDPR, and comparable frameworks. Experience in preparing for and supporting internal and external audits and reviews. Unser Angebot At Onventis, you can expect a performance focused culture where your achievements are recognized, your goals are prioritized and your career accelerates. Benefits Gesundheit, Fitness & Fun 🚲 Jobrad 🎳 Team Events Themen mit denen du dich im Job beschäftigst Cyber/Security AI Metadaten Level: Erfahren Job Feld: IT, Security Anstellung: Vollzeit Vertragsart: Unbefristetes Dienstverhältnis Arbeitsmodell: Hybrid, Onsite Unternehmenstyp: Etablierte Firma Branche: Internet, IT, Telekom Ort: Stuttgart | Deutschland