Information Security Officer (m/f/d)

Role Responsibilities: What you will do

Governance & Compliance

• Implement and maintain ISO 27001 and TISAX certifications.
• Own all compliance-related activities, including but not limited to:
  • Internal and external audit preparation and coordination.
  • Maintaining the Statement of Applicability (SoA) and evidence for controls.
  • Ensuring adherence to regulatory and contractual security requirements.
• Develop and maintain compliance documentation, policies, and procedures.

Incident & Continuity Management

• Lead security incident response and ensure proper documentation.
• Conduct root cause analysis and follow-up on corrective actions.
• Own the end-to-end BCP process, including but not limited to:
  • Maintain BCP documentation and ensure readiness through periodic BCP drills and readiness assessments.
  • Launch BCP in case of major incidents or disruptions.
  • Coordinate communication with stakeholders during BCP activation.

• Identify, assess, prioritize, and track security risks.
• Monitor timely execution of mitigation plans.
• Perform and review threat modelling for critical systems and processes.

Security Operations

• Oversee data classification and define retention periods.
• Support infrastructure hardening and application security initiatives.
• Maintain and enhance the security playbook AI model for incident response.

Testing & Assurance

• Plan and coordinate penetration testing and vulnerability assessments.
• Prioritize and follow up on mitigation of PEN test findings.

Customer & Stakeholder Support

• Act as a security and compliance subject matter expert for customer-facing teams.
• Respond to security questionnaires and RFPs.

Role Requirements: What you need to succeed

• Bachelor’s degree in Information Technology, Computer Science, or a related field.
• 4 – 6 years work experience in information security, compliance, or IT governance.
• Hands-on experience with ISO 27001 implementation and audits.
• Ideally, you have experience in TISAX requirements and automotive security standards.
• Strong understanding of risk management, threat modelling, and vulnerability management.
• Experience with penetration testing tools and methodologies.
• Knowledge of infrastructure hardening and application security best practices.
• Deep understanding of regulatory frameworks and audit processes.
• Experience maintaining compliance documentation and evidence.
• Excellent problem-solving and analytical skills.
• Strong verbal and written communication skills in English, German is a plus.
• Ability to work in a highly agile, fast-paced environment.

Why idealworks

• At idealworks, you will find an international working environment and become part of an experienced, open team where mutual trust counts. You will feel at home from the very first second!
• Experience a first-hand start-up feeling and flat hierarchies with varied and responsible tasks that you work on independently.
• Look forward to hybrid working model with 30 vacation days per year and various opportunities to balance your free time, family and job.
• For your commitment to helping us achieve our mission, you will not only be rewarded with appreciation, but also with above-average pay including a bonus scheme and an annual personal development budget.
• We offer exciting corporate benefits, an attractive company pension scheme and regular team events.
• Our modern office is easily accessible by public transport, bike and car and offers numerous catering options for relaxed lunch breaks with your team.
• Driven by our unique corporate culture, the five values "passion for results", "wellbeing", "personal growth", "trust" and "being and acting as one team" determine our daily actions and cooperation.

About us

Idealworks transforms industrial operations into efficient, fully automated environments where logistics, robotics, software, and people work seamlessly together. Founded in 2020 as a BMW Group subsidiary, the company helps businesses optimize and automate workflows across warehouses, production facilities, and logistics operations. At the core of its offering is the Idealworks Orchestration System (Idealworks OS), the control layer that integrates simulation technology and connects heterogeneous robots for different applications, peripheral devices, and IT systems through a single operational logic. Headquartered in Munich, Idealworks collaborates closely with partners and customers worldwide to advance the next generation of industrial automation.