Information Security Officer (ISO) (m/f/d)

Information Security Officer (ISO) (m/f/d)

Your mission

We are seeking a hands‑on Information Security Officer (ISO) to join the Compliance Department and drive company‑wide, cross‑functional initiatives that strengthen our information security and compliance posture. You will lead and coordinate projects across regulatory, operational, and strategic topics—combining strong project management skills with deep engagement in security and compliance content.

In this role, you will take ownership of key elements of our Information Security Management System (ISMS), support initiatives such as ISO 27001 implementation and continuous improvement, internal security policy rollouts, supplier/third‑party security, security awareness, and other company‑wide programs that create measurable risk reduction and business value. You are structured, pragmatic, detail‑oriented, and capable of driving initiatives forward independently while aligning stakeholders across the organization.

Building and maintaining the ISMS

• Support the establishment, implementation, maintenance, and continuous improvement of the ISMS in line with ISO/IEC 27001.
• Develop, maintain, and govern the information security policy framework (policies, standards, procedures, templates).
• Coordinate periodic management reviews, ensure security objectives/KPIs are defined, monitored, and reported.
• Maintain security documentation and evidence to demonstrate control effectiveness and compliance.

Risk Management & Internal Controls

• Run and continuously improve the information security risk management process (risk assessments, treatment plans, risk acceptance, tracking).
• Ensure security controls are designed, implemented, and operating effectively across people/process/technology.
• Identify and track security risks, dependencies, and remediation actions; proactively escalate blockers and priority issues.

Project & Program Management (cross‑functional delivery)

• Lead end‑to‑end delivery of security and compliance‑related projects (scope, timelines, objectives, success criteria).
• Monitor milestones, budgets (where applicable), dependencies, and outcomes; proactively mitigate delivery and security risks.
• Ensure robust documentation and reporting of project progress, decisions, and results.

Compliance, Audit & Continuous Improvement

• Prepare and coordinate internal and external audits (e.g., ISO 27001), including planning, evidence collection, and follow‑up on findings.
• Maintain the audit action plan and ensure timely remediation and verification of corrective actions.
• Support alignment with relevant regulatory and contractual requirements (e.g., GDPR interfaces, customer security requirements).

Incident Oversight & Security Operations Enablement

• Support or coordinate security incident management processes (triage, coordination, lessons learned, corrective actions).
• Help maintain and improve security processes such as access governance, vulnerability remediation governance, and secure change processes (in collaboration with IT).

Security Awareness & Change Enablement

• Coordinate security awareness and training initiatives (content, rollout plans, completion tracking).
• Support change management for new security processes, tools, and policies to ensure adoption and sustainable operations.

Third‑Party / Supplier Security (in collaboration with Procurement/Legal/IT)

• Support implementation of third‑party security practices: security questionnaires, due diligence, risk assessments, and contract/security clause alignment.
• Track third‑party security risks and remediation actions; support periodic reviews of critical suppliers.

Stakeholder Engagement & Communication

• Coordinate across multiple departments (IT, Legal, Procurement, Product/Engineering, HR, etc.).
• Facilitate workshops, risk reviews, decision forums, and alignment meetings.
• Maintain clear communication with stakeholders at different levels, translating complex security topics into actionable plans.

Your profile

• Bachelor’s degree in IT, Security, Engineering, Law, Business or related field
• 3+ years of experience in information security, compliance, governance, or security‑focused project/program management
• Demonstrated ability to manage complex, cross‑functional initiatives independently
• Strong analytical skills with the ability to communicate complex security/compliance topics clearly
• Hands‑on mentality with excellent organization and time‑management skills
• Proficiency in project management and documentation tools (e.g., Jira, Confluence, Monday)

Nice to have / Plus

• Certifications such as ISO 27001 Lead Implementer/Lead Auditor or comparable
• PMP/PRINCE2/Agile/Scrum certification
• Understanding of frameworks and topics such as ISO 27001, GDPR, risk management, internal controls, ESG interfaces
• Fluent in English (written and spoken)

Preferred Qualities

• Comfortable working in a fast‑paced, evolving environment
• Able to switch between strategic oversight and operational detail
• Strong communication skills (written and verbal), with stakeholder influencing ability

PTV Logistics – a leading global software company for transportation logistics! We calculate and optimize route planning for logistics companies with record‑breaking algorithms to maximize time and cost savings. With more than 40 years of experience, we help to put theory into practice! Interested? Then take a look at our website: https://www.ptvlogistics.com/en