Information Security Lead
Full-Time Position
Location: Germany (Hamburg or remote) or Iceland (Reykjavik or remote)
Department: Regulatory & Compliance
Reports to: Director of QM & RA
Your role in helping us achieve our mission
As an Information Security Lead, you are responsible for improving and managing the information security management system, which must fulfil the requirements of standards such as ISO 27001 and HITRUST. You identify vulnerabilities and work with our product and tech teams to resolve them, while ensuring that our platform and data remain secure. To be successful as an Information Security Lead, you have strong analytical skills and in-depth knowledge of best practices for preventing a wide range of security threats. Furthermore, you are an excellent communicator who is able, and likes, to train and educate our staff on information security topics.
Responsibilities
- Hardening the security of our platform, e.g. by conducting information security risk and compliance assessments of Sidekick Health’s internal processes, tools, products and third-party systems to ensure compliance with industry standards and internal information security policies.
- Collaborating with management and product teams to improve security.
- Communicating and promoting Sidekick Health’s corporate rules relevant to information security, and educating colleagues about information security best practices.
- Keeping up to date with developments in IT security standards, threats and the field of AI.
- Overseeing penetration tests to find flaws.
- Continuously monitoring, evaluating and enhancing security controls to adapt to evolving cyber threats and technological changes.
- Documenting security breaches and assessing their impact.
- Coordinating information security-related activities (e.g. internal audits, external audit preparation) in your area of responsibility.
Must haves
- A degree in computer science or a technology-related field.
- 3-5+ years of experience in a similar role.
- Excellent written and oral communication skills and the ability to communicate complex security concepts to technical and non-technical audiences.
- Experience with conducting information security risk assessments.
- Experience with security frameworks/standards (e.g. NIST CSF, the ISO 27000 family, BSI).
- Hands-on experience with compliance audits and regulatory assessments.
- A good understanding of the most common data security and privacy regulations (e.g. GDPR).
- Familiarity with cloud concepts and technologies (e.g. infrastructure as code, serverless architecture).
- Excellent written and verbal skills in English.
- A strong commitment to self-development, particularly in Cybersecurity, DevSecOps and Data privacy.
- Humility combined with drive and determination, and a team-first mentality.
Desired Requirements (Preferred)
- A good understanding of DevSecOps principles and modern cloud architecture.
- Excellent written and verbal skills in German.
So, do you care to join us?