Ph3About /h3 pAs Head of Information Security (m/f/d) you will own and drive Chrono24’s information security program. You’ll combine strategic leadership with hands‑on execution to protect a platform trusted by millions of watch enthusiasts worldwide. You’ll shape our security strategy, manage risk across the organization, and ensure we stay ahead of evolving threats and regulatory requirements. /p h3What you can expect /h3 ul liYou define and drive the information security strategy and roadmap for Chrono24, aligning with business objectives and regulatory requirements including ISO 27001, NIS2, and CRA. /li liYou own information security governance, risk management, and compliance across the organization, ensuring risk owners understand and act on their responsibilities. /li liYou lead and coordinate incident response, overseeing our Security Incident Response Team (SIRT) processes and ensuring readiness when it matters. /li liYou steer our vulnerability management program, coordinating internal scans, external assessments, and take responsibility for our bug bounty program. /li liYou build and run the security awareness program, including phishing campaigns, training, and fostering a security‑conscious culture company‑wide. /li liYou assess and manage third‑party and vendor security risks, ensuring our partners and service providers meet our security standards. /li liYou drive audit readiness and compliance, coordinating ISO 27001 audits, NIS2 preparation, and collaboration with external auditors and your Information Security Officer. /li liYou contribute to business continuity management, ensuring security considerations are embedded in our continuity processes. /li /ul h3Your team /h3 pYour direct team consists of a Principal Security Engineer and an Information Security Officer. The Principal Security Engineer owns application security and our Secure Software Development Lifecycle (SSDLC), including secure coding standards, vulnerability management, penetration testing, and cryptography controls. The Information Security Officer manages ISMS operations, compliance documentation, and audit coordination. Beyond your direct team, you will work closely with Product Technology, especially Platform Engineering, DevOps, and IT, to embed security into engineering practices. /p h3What sets you apart /h3 ul liA technical background in software engineering, DevOps, or a comparable discipline, combined with several years of professional experience in information security. /li liDeep understanding of ISMS frameworks, particularly ISO 27001, with hands‑on experience in risk management, incident response, and vulnerability management. /li liStrong communication skills with the ability to translate security topics for both technical teams and executive leadership. /li liA collaborative, pragmatic approach to working with cross‑functional teams, external partners, and senior stakeholders. /li liVery good English skills; German proficiency is a big plus. /li liBonus points for relevant certifications (CISSP, CISM, ISO 27001 Lead Auditor/Implementer), experience with NIS2 compliance, or familiarity with cloud security (AWS, GCP). /li liDon’t worry: watch expertise isn’ta must – we’ll teach you everything you need to know! /li /ul h3What we offer /h3 ul liSalary: 90,000 to 120,000 EUR annually, depending on experience. /li liNo back doors: We only offer permanent employment contracts. /li li30 days of vacation per year. /li liWorking from HQ in Karlsruhe? Our kitchen conjures up a truly excellent, free meal for you every day. /li liOn December 24th and 31st, we’ll give you an additional day off. /li liWork abroad for up to 20 days per year: Working with a sea view? Yes, please! /li /ul p : We believe in the power of diversity.br/Diversity is our strength. /p /p #J-18808-Ljbffr