Head of Information Security (m/f/d)
Indexed description
What You Can Expect
- You define and drive the information security strategy and roadmap for Chrono24, aligning with business objectives and regulatory requirements including ISO 27001,NIS2, and CRA.
- You own information security governance, risk management, and compliance across the organization, ensuring risk owners understand and act on their responsibilities.
- You lead and coordinate incident response, overseeing our Security Incident Response Team (SIRT) processes and ensuring readiness when it matters.
- You steer our vulnerability management program,coordinating internal scans, external assessments,and take responsibility for our bug bounty program.
- You build and run the security awareness program, including phishing campaigns, training, and fostering a security-conscious culture company-wide.
- You assess and manage third-party and vendor security risks, ensuring our partners and service providers meet our security standards.
- You drive audit readiness and compliance, coordinating ISO 27001 audits, NIS2 preparation, and collaboration with external auditors and your Information Security Officer.
- You contribute to business continuity management, ensuring security considerations are embedded in our continuity processes.
Your direct team consists of a Principal Security Engineer and an Information Security Officer. The Principal Security Engineer owns application security and our Secure Software Development Lifecycle (SSDLC), including secure coding standards, vulnerability management, penetration testing, and cryptography controls. The Information Security Officer manages ISMS operations, compliance documentation, and audit coordination. Beyond your direct team, you will work closely with Product & Technology, especially Platform Engineering, DevOps, and IT, to embed security into engineering practices.
What Sets You Apart
- A technical background in software engineering, DevOps, or a comparable discipline, combined with several years of professional experience in information security.
- Deep understanding of ISMS frameworks, particularly ISO 27001, with hands-on experience in risk management, incident response, and vulnerability management.
- Strong communication skills with the ability to translate security topics for both technical teams and executive leadership.
- A collaborative, pragmatic approach to working with cross-functional teams, external partners, and senior stakeholders.
- Very good English skills; German proficiency is a big plus.
- Bonus points for relevant certifications(CISSP, CISM, ISO 27001 Lead Auditor/Implementer), experience with NIS2 compliance, or familiarity with cloud security(AWS, GCP).
- Don’t worry:watch expertise isn’ta must – we’ll teach you everything you need to know!
- Salary: 90,000 to 120,000 EUR annually, depending on experience.
- No back doors: We only offer permanent employment contracts.
- 30 days of vacation per year.
- Working from HQ in Karlsruhe? Our kitchen conjures up a truly excellent, free meal for you every day.
- On December 24th and 31st, we’ll give you an additional day off.
- Work abroad for up to 20 days per year: Working with a sea view? Yes, please!
At Chrono24, we embrace diversity because we believe it enriches not only our corporate culture but also our success. Be yourself – and let’s achieve great things together!
About Us
JOIN US NOW!
We stand for a dynamic company culture with flat hierarchies and strong team spirit. We are growing fast—and love pushing beyond our limits. By actively shaping our future, we create an inspiring and attractive work environment.
Do you want to be part of it? Then apply now and become a valuable member of our team in a company that keeps growing—with you!
Create a free Caio profile to unlock more results and save your role and location preferences.
Unlock free search