Head of Information Security (m/f/d)

{
  "content_hash": "c3025c9a95fa888ca4c1de79fdb1990d41e42f35b7650f258ef5dde7c9734121",
  "source_hash": "e2e0354a4fed01029498270b1a14d963c4ce5de2b04614974dc4f1d6664d6749",
  "last_changed_at": "2026-05-30T06:03:18.305Z",
  "active_status": "active"
}

{
  "language": "en",
  "location": {
    "raw": "Karlsruhe - Burg",
    "city": null,
    "region": null,
    "country": "Karlsruhe - Burg",
    "is_remote": false,
    "confidence": 0.8
  },
  "salary_max": null,
  "salary_min": null,
  "inferred_at": "2026-06-06T07:50:09.814Z",
  "launch_scope": {
    "reason": "personio_production_catalog",
    "included": true,
    "location": {
      "raw": "Karlsruhe - Burg",
      "city": null,
      "region": null,
      "country": "Karlsruhe - Burg",
      "is_remote": false,
      "confidence": 0.8
    },
    "countries": [
      "Karlsruhe - Burg"
    ]
  },
  "remote_policy": null,
  "salary_period": null,
  "workplace_type": null,
  "salary_currency": null
}

{}

{
  "id": "2649946",
  "name": "Head of Information Security (m/f/d)",
  "office": "Karlsruhe - Burg",
  "keywords": [],
  "schedule": "full-time",
  "createdAt": "2026-05-28T10:56:24+00:00",
  "seniority": "experienced",
  "department": "Tech Foundation & Enablement",
  "occupation": "computer_and_network_security",
  "subcompany": "Chrono24 GmbH",
  "employmentType": "permanent",
  "jobDescriptions": [
    {
      "name": "About",
      "value": "As Head of Information Security (m/f/d) you will own and drive Chrono24’s information security program. You’ll combine strategic leadership with hands-on execution to protect a platform trusted by millions of watch enthusiasts worldwide. You’ll shape our security strategy, manage risk across the organization, and ensure we stay ahead of evolving threats and regulatory requirements."
    },
    {
      "name": "What you can expect",
      "value": "<ul><li>You define and drive the information security strategy and roadmap for Chrono24, aligning with business objectives and regulatory requirements including ISO 27001,NIS2, and CRA.</li><li>You own information security governance, risk management, and compliance across the organization, ensuring risk owners understand and act on their responsibilities.</li><li>You lead and coordinate incident response, overseeing our Security Incident Response Team (SIRT) processes and ensuring readiness when it matters.</li><li>You steer our vulnerability management program,coordinating internal scans, external assessments,and take responsibility for our bug bounty program.</li><li>You build and run the security awareness program, including phishing campaigns, training, and fostering a security-conscious culture company-wide.</li><li>You assess and manage third-party and vendor security risks, ensuring our partners and service providers meet our security standards.</li><li>You drive audit readiness and compliance, coordinating ISO 27001 audits, NIS2 preparation, and collaboration with external auditors and your Information Security Officer.</li><li>You contribute to business continuity management, ensuring security considerations are embedded in our continuity processes.</li></ul><br>Your team<br>Your direct team consists of a Principal Security Engineer and an Information Security Officer. The Principal Security Engineer owns application security and our Secure Software Development Lifecycle (SSDLC), including secure coding standards, vulnerability management, penetration testing, and cryptography controls. The Information Security Officer manages ISMS operations, compliance documentation, and audit coordination. Beyond your direct team, you will work closely with Product & Technology, especially Platform Engineering, DevOps, and IT, to embed security into engineering practices."
    },
    {
      "name": "What sets you apart",
      "value": "<ul><li>A technical background in software engineering, DevOps, or a comparable discipline, combined with several years of professional experience in information security.</li><li>Deep understanding of ISMS frameworks, particularly ISO 27001, with hands-on experience in risk management, incident response, and vulnerability management.</li><li>Strong communication skills with the ability to translate security topics for both technical teams and executive leadership.</li><li>A collaborative, pragmatic approach to working with cross-functional teams, external partners, and senior stakeholders.</li><li>Very good English skills; German proficiency is a big plus.</li><li>Bonus points for relevant certifications(CISSP, CISM, ISO 27001 Lead Auditor/Implementer), experience with NIS2 compliance, or familiarity with cloud security(AWS, GCP).</li><li>Don’t worry:watch expertise isn’ta must – we’ll teach you everything you need to know!</li></ul>"
    },
    {
      "name": "What we offer",
      "value": "<ul><li>Salary: 90,000 to 120,000 EUR annually, depending on experience.</li><li>No back doors: We only offer permanent employment contracts.</li><li>30 days of vacation per year.</li><li>Working from HQ in Karlsruhe? Our kitchen conjures up a truly excellent, free meal for you every day.</li><li>On December 24th and 31st, we’ll give you an additional day off.</li><li>Work abroad for up to 20 days per year: Working with a sea view? Yes, please!</li></ul>"
    },
    {
      "name": "Diversity@Chrono24: We believe in the power of diversity.",
      "value": "Diversity is our strength.<br>At Chrono24, we embrace diversity because we believe it enriches not only our corporate culture but also our success. Be yourself – and let’s achieve great things together!"
    }
  ],
  "occupationCategory": "it_software",
  "recruitingCategory": "Full time positions"
}