What To Expect
Caspar Health was founded in 2016 and is a digital clinic with a vision to provide everyone access to effective healthcare everywhere. This is your chance to redesign traditional health concepts in prevention and rehabilitation so that people receive the best possible care during and after their hospital stay regardless of time and location.
Our highly motivated team works daily to bring together healthcare and technology for the benefit of our patients and to improve the healthcare system through innovation.
As Head of Information Security / CISO at Caspar Health, you ensure readiness for ISO 27001 and GDPR audits and maintain up-to-date cybersecurity infrastructure. If you want to contribute to one of the biggest changes in healthcare, apply and become a Casparian.
Your Challenges
- You support management in aligning Caspar Health towards building a security-oriented environment.
- You train our employees directly and help them efficiently and sustainably meet ISMS-relevant requirements in our business processes.
- You take responsibility for our annual ISO 27001 audits.
- You ensure the organization has optimal incident management, real-time vulnerability management, and cyber defense.
- You are fully responsible for all ISMS and cybersecurity topics.
- You work closely with our executives, the Tech Department, Legal, and Quality Management.
- You monitor the security landscape, serve as a contact for our system and infrastructure department heads, and advise on state-of-the-art automated cybersecurity, endpoint security, asset management, and GDPR requirements.
- You define and monitor progress of security concept implementation.
- You support staff with ISMS-related requirements in standard operating procedures (SOPs).
- You work closely with our Tech Department (DevOps, SecOps, SysAdmin) regarding configuration and troubleshooting of information security infrastructure devices and systems.
- You ensure everyone in the company quickly learns as much as possible about security incidents and prevention.
- It is a key concern that data security becomes part of our Caspar DNA.
- You drive the investigation and mitigation process of security incidents.
- You write reports including assessed insights, results, and proposals for further system and data security improvements.
Your Profile
- You have solid leadership experience in a similar position and experience from a software company.
- You have experience as a Network Engineer, Information Security Engineer, or System Engineer in a medium-sized company (100-500 full-time employees).
- You have trained employees at all levels on system and data security and best practices, successfully establishing a strong security awareness within the organization.
- You have deep understanding of regulatory requirements related to ISMS, PCI-DSS, and (cyber)security-relevant ISO standards (ISO 27001), with strong expertise in implementation, certification, re-examination, guiding external auditors, and building relationships.
- You bring experience from regulated sectors such as healthcare, pharmaceuticals, finance, or public sector.
- You are fully capable of developing and implementing comprehensive security strategies aligned with business requirements and organizational goals.
- You communicate excellently, provide clarity to employees at all levels about the "what" and "how," and support them in finding optimal automated methods to meet ISMS and GDPR requirements.
- You have excellent understanding of risk management methods and the ability to effectively assess and prioritize risks.
- You have acquired extensive knowledge of cybersecurity principles, industry standards, frameworks, and best practices (e.g., ISO 27001, NIST Cybersecurity Framework, CIS Controls).
- You have exceptionally strong expertise in network, operating system, and cloud security and good knowledge of security systems including FW, IDS/IPS, AV & EDR, URL-F, scanning, risk assessment, and forensic tools.
- You have a comprehensive understanding of the latest security principles, techniques, and protocols and know potential attack vectors like XSS, injection, DoS, hijacking, social engineering, etc.
- You are equally comfortable in German and English, both written and spoken.
- Ideally, you are certified with CISSP, CCSP, OSCP, or similar credentials.
Why Caspar Health?
- Remote-first with flexible working hours – office optional in Berlin Mitte or 90 days per year outside Germany.
- Additionally, we support you with a monthly home office allowance and a meal subsidy on top.
- Ample time to recover – 30 days vacation per year.
- Budget for training, conferences & coaching, matching your potentials and development opportunities.
- High responsibility & decision-making freedom: no micromanagement – we hire experts who know what they are doing #MakeAnImpact!
- Real collaboration: no silos, no egos – we all have the same vision #ValueFocus!
- Access to all Caspar offers in mental & physical health #HealthyTogether!
- And yes – all snack wishes, joint sports sessions, an endless drink fridge & a good dose of humor too.
Our Team
- We live diversity – diversity is not a showcase but everyday practice.
- Feedback is not a tool but part of our culture.
- We believe technology only makes sense when it helps people.
- Our drive is purpose – but our standard is professionalism.
Application
Please apply now and become part of Caspar Health. Together we make a difference.
Your contact is Dana Kussatz, Talent Acquisition Expert.
We are interested in your earliest possible starting date and salary expectations. If you have any questions, please contact
[email protected]. We will get back to you as soon as possible.
Our product Caspar Health is used in medical facilities with patients, doctors, and therapists. Our daily routine includes working with (sensitive) personal data (e.g., health data). Therefore, we expect a high commitment from our employees to protect personal data and safeguard the rights of the data subjects to the best possible extent.
Diversity and Inclusion
At Caspar Health, we strive to provide all Casparians with a friendly, safe, and inviting environment regardless of gender, gender identity and expression, sexual orientation, disabilities of any kind, physical appearance, social background, age, or religion (or lack thereof).
In your application, your experience and motivation are our main focus. You decide what additional information you want to disclose (picture, marital status, religion, gender, nationality, etc.). We appreciate and treat all applications equally.
Privacy Notice
Please apply exclusively via our application link to ensure the protection of your data. Our privacy policy can be found here.
About Us
Caspar Health is a digital rehabilitation clinic with a vision to provide patients with access to the most effective rehabilitation treatment anytime, anywhere.
Medical facilities use Caspar Health to conduct therapy online with their patients during hospital stays and after discharge. The combination of learning technology with in-depth medical knowledge ensures sustainable achievement of therapy goals.
The services are covered by numerous pension insurance companies in rehabilitation, prevention, and aftercare.