What you'll do
Information Security & Compliance
* Develop, implement, and maintain our Information Security Management System (ISMS) in alignment with ISO 27001, GDPR, BCM, BSI IT-Grundschutz and other relevant frameworks.
* Ensure documentation and compliance with information security policies and procedures including test runs.
* Conduct risk assessments, audits, and evaluations to identify security gaps and recommend improvements.
Cybersecurity Monitoring & Management
* Monitor security logs from cloud services, including Google Workspace and other SaaS tools, to detect and respond to potential threats.
* Evaluate and address vulnerabilities based on the OWASP Top 10 and other cybersecurity standards.
* Work with development teams to integrate secure practices into the software development lifecycle (Secure SDLC).
* Train and advise teams on implementing security controls and adhering to compliance requirements.
Team Management
* Lead and mentor a team of information security professionals, providing guidance, support, and performance feedback.
* Delegate tasks effectively and ensure team members have the necessary resources and training to succeed.
* Foster a collaborative and positive team environment, encouraging knowledge sharing and professional development.
* Set team goals and objectives, monitor progress, and provide regular updates to management.
What Everphone offers you
* a premium smartphone of your choice for personal use,
* 30 vacation days per year,
* a monthly budget of 30 € in Circula vouchers to spend however you like,
* a 300 € subsidy for public transport,
* two bright, modern offices in the heart of Berlin (Mitte and Kreuzberg),
* a dog-friendly office (Kreuzberg), where your four-legged friend is welcome to join you,
* a mental health program with Voiio access for personal and professional solutions, also open to family members,
* a dynamic work environment where you can actively help shape your own growth,
* a hybrid work model for more flexibility,
* access to the Everphone Learning Academy to promote professional development,
* a referral program with a bonus of up to 2000 €,
* a company pension plan,
* social drinks and karaoke nights to get to know your colleagues better,
* a large open kitchen area with free drinks, snacks and fruit,
* a relaxation area with sofas and a quiet room to simply unwind.
What you’ll need
Compliance Knowledge
* You have a deep understanding of ISO 27001, GDPR, BCM and other relevant information security frameworks.
* You have acquired experience in managing and executing test runs and contributing to ISMS processes and documentation.
* Experience with BSI IT-Grundschutz is a plus.
Technical Expertise
* Strong technical background with hands-on experience in security monitoring tools and cloud service security (GCP/AWS, Google Workspace, SaaS environments).
* Familiarity with secure software development practices, vulnerability scanning, and threat modeling.
Analytical Skills
* Ability to assess risks, prioritize security improvements, and document findings clearly and concisely.
* Proficiency in analyzing logs and monitoring tools to identify security incidents.
Communication & Collaboration
* Excellent communication and project management skills to work with cross-functional teams, including developers, legal/compliance, and operations.
* Capability to provide security training and awareness across the organization.
* Fluency in German and English (both C1).
Leadership & Management
* Proven experience in leading and managing a team of information security professionals.
* Strong leadership skills with the ability to motivate, inspire, and guide team members.
* Excellent interpersonal and communication skills to build strong relationships within the team and across the organization.
* Experience in performance management, including setting goals, providing feedback, and conducting performance reviews.
* Ability to foster a collaborative and inclusive team environment.