What To Expect

Your Challenges

• Support management in aligning Caspar Health towards building a security-focused environment
• Train employees directly and help them meet ISMS requirements efficiently and sustainably in business processes
• Take responsibility for annual ISO 27001 audits
• Ensure the organization has optimal incident management, real-time vulnerability management, and cyber defense
• Be fully responsible for all ISMS and cybersecurity topics
• Collaborate closely with executives, tech department, legal, and quality management
• Monitor security landscape, advise system and infrastructure department heads on automated cybersecurity, endpoint security, asset management, and GDPR requirements
• Define and monitor progress of security concept implementation
• Support staff with ISMS-related standard operating procedures (SOPs)
• Work closely with the tech department (DevOps, SecOps, SysAdmin) on configuration and troubleshooting of information security infrastructure devices and systems
• Ensure swift and broad dissemination of security incident information and prevention methods within the company
• Make data security part of Caspar's DNA
• Drive investigation and mitigation processes for security incidents
• Write reports with assessment-based insights, results, and suggestions for system and data security improvements

Your Profile

• Extensive leadership experience in a similar role with software company background
• Experience as network engineer, information security engineer, or system engineer in medium-sized company (100-500 full-time employees)
• Trained employees on system and data security practices, established strong security awareness
• Deep understanding of regulatory requirements (ISMS, PCI-DSS, ISO 27001) with certification and audit experience, guiding external auditors and building relationships
• Experience in regulated industries like healthcare, pharma, finance, or public sector
• Ability to develop and implement comprehensive security strategies aligned with business goals
• Excellent communication, clarifying security needs and supporting optimal and automated ISMS and GDPR compliance methods
• Strong risk management expertise with effective risk assessment and prioritization skills
• In-depth knowledge of cybersecurity principles, standards, frameworks (e.g., ISO 27001, NIST, CIS Controls)
• Expertise in network, OS, and cloud security; knowledge of security systems like firewalls, IDS/IPS, AV & EDR, URL filtering, scanning, risk assessment, forensic tools
• Comprehensive understanding of security principles, protocols, and attack vectors including XSS, Injection, DoS, Hijacking, Social Engineering
• Fluency in German and English, both written and spoken
• Preferably certified CISSP, CCSP, OSCP, or similar

Why Caspar Health?

• Remote-first with flexible working hours – office optional in Berlin Mitte or 90 days per year outside Germany
• Monthly home office allowance and meal subsidy
• 30 days of vacation per year
• Budget for continuing education, conferences, and coaching tailored to your potential and development
• High responsibility and decision-making freedom: no micromanagement, hiring experts who know their craft #MakeAnImpact!
• True collaboration: no silos, no ego – united by a shared vision #ValueFocus!
• Access to Caspar's mental and physical health offerings #HealthyTogether!
• All snack wishes fulfilled, joint sports sessions, an always stocked beverage fridge, and a good sense of humor

Team Culture

• Diversity is everyday life, not just a label
• Feedback is part of culture, not just a tool
• Technology only makes sense if it helps people
• Driven by purpose with professionalism

How to Apply

How to Apply