Global ISMS & IT Compliance Manager (m/f/d)

Possible workplaces: Pforzheim/Germany, Gothenburg/Sweden or Gørløse/Denmark

Help shape a secure, compliant, and audit-ready digital future with us.
We’re looking for a hands-on and execution-focused ISMS & IT Compliance Manager — your go-to role for everything related to information security, data protection (GDPR), and IT compliance.
In this position, you’ll report to the European Digital Service Manager and take the lead in designing and operationalizing our Information Security Management System (ISMS) in line with ISO/IEC 27001. You’ll also ensure our company meets all relevant requirements of the NIS2 Directive and the GDPR — across systems, processes, and documentation. This is both a strategic and operational role: you’ll directly implement security and compliance measures, coordinate efforts across teams, and work closely with auditors and external consultants.

Key areas of responsibility:

• Act as the primary point of contact for all topics related to information security, data protection (GDPR), and IT compliance.
• Lead the gap analysis and define an actionable roadmap toward ISO/IEC 27001:2022 and NIS2 compliance.
• Design, implement, and continuously improve the ISMS, including governance structures, policy frameworks, and security controls.
• Draft, update, and enforce security policies, procedures, roles and responsibilities, and the Statement of Applicability (SoA).
• Define and operate a risk management framework including the risk register and workshop facilitation.
• Oversee and support GDPR compliance activities, including DPIAs, data processing agreements, records of processing activities
  (RoPA/VVT), and SaaS/vendor assessments.
• Prepare and coordinate IT audits (internal and external), including documentation, interviews, and evidence collection.
• Monitor and report on the status of compliance with ISO 27001, GDPR, and NIS2 obligations.
• Drive cross-functional awareness and compliance culture through training, workshops, and advisory support.
• Liaise with external consultants, certification bodies, and regulators as needed.
• Support special IT security or compliance-related projects with your subject-matter expertise.
  
  Requirements:
• Degree in Computer Science, Information Systems, Business IT, or a comparable qualification.
• Several years of experience in IT compliance, information security, or data protection, preferably in a regulated industry.
• Solid expertise in ISO/IEC 27001, ISO/IEC 27002, GDPR, and ideally experience with the NIS2 Directive.
• Experience designing and running ISMS frameworks and leading organizations through IT audits or ISO 27001 certification.
• Familiarity with privacy impact assessments, data processing agreements (DPA), and records of processing activities (RoPA/VVT).
• Strong analytical, documentation, and communication skills across all levels of the organization.
• Fluent in English, German is a strong plus.
• Professional certifications such as ISO 27001 Lead Implementer, CISM, CISSP, or CIPP/E are advantageous.
  
  Our benefits:
• A high-impact role shaping the organization’s IT security and compliance landscape.
• A hands-on, cross-functional position with autonomy and responsibility.
• A collaborative work environment with short decision-making paths.
• Support for professional training and certification.
• Opportunity to make a direct contribution to ISO certification and NIS2 compliance readiness.
  
  If you are interested in learning more about this opportunity and would like to apply, please forward resume to Talisa Lechner via:
  empf.bewerben@elosmedtech.com