Job
- Level: Senior
- Job Field: IT, Project, Security
- Employment Type: Full Time
- Contract Type: Permanent employment
- Location: Klagenfurt
- Working Model: Onsite
Job Summary
In this role, you will develop comprehensive security strategies, implement an ISMS, and conduct risk analyses to ensure information security and compliance with current regulations.
Your role in the team
- For the strategic further development of our information security, we are seeking an experienced Chief Information Security Officer (CISO) with solid expertise in ISMS, NIS2/NISG, ISO 27001, GDPR, and cybersecurity governance.
- Overall responsibility for the development, operation, and continuous improvement of the Information Security Management System (ISMS) in accordance with ISO 2700x, NISG/NIS2, EU AI Act, BSI Basic Protection, RKE, C5.
- Definition and implementation of security policies, processes, and governance structures.
- Assessment of new technologies (Cloud, AI, OT, SaaS, etc.) regarding security and compliance risks.
- Ongoing analysis of legal and regulatory requirements in the field of IT security, compliance, and data protection, as well as deriving concrete measures.
- Development and implementation of cybersecurity strategies and risk management processes.
- Consulting and regular reporting to management on risk situation, status of measures, and compliance.
- Planning, preparation, and support of internal and external audits (ISO 27001, NISG/NIS2, C5, GDPR) including action tracking.
- Participation in the handling of security incidents as well as continuous improvement of the security architecture.
- Design and implementation of security awareness and training programs.
- Central contact person for authorities, auditors, certification bodies, and internal stakeholders.
Our expectations of you
Education
- Completed degree (FH/University) with a focus on Information Security, IT Security, Cybersecurity, or a comparable field.
Qualifications
- Experience in audit processes, risk analyses, protection needs assessments, and business impact analyses.
- Excellent knowledge of GDPR, NISG/NIS2, ISO 2700x, and IT security measures.
- In-depth understanding of modern IT architectures, network security, cloud security.
- Structured, independent, and solution-oriented way of working.
- Fluent in German and English.
Experience
- Several years of professional experience in information security, compliance/risk management.
- Several years of experience in Information Security, Governance, Risk & Compliance (GRC).
- Proven experience in establishing and operating an ISMS according to ISO 27001.
- Strong conceptual skills as well as experience in project and change management.
What we offer
- A challenging job in the healthcare IT environment with real added value awaits you.
- The gross monthly salary is based on the classification of the collective agreement for automatic data processing and information technology (basic classification ST2).
- The actual salary is, of course, dependent on professional experience and qualifications, with a willingness to pay above the standard.
This is your employer
PCS Professional Clinical Software GmbH
Klagenfurt
PCS is a leading company in the field of healthcare software.
Description
- Company Type: Established Company
- Working Model: Hybrid, Onsite
- Industry: Healthcare, Social Sector, Internet, IT, Telecommunication