Senior Information Security Management System (ISMS) Consultant (m/f/d) - GRC / KRITIS

Hesse, Frankfurt am Main, Berlin, Berlin - Hybrid
This project is archived and unfortunately no longer active.

Keywords

Information security management system, Governance, risk management and compliance, Audits, Information security, ISO / IEC 27001, IEC 61850, Automation, Project planning, Disaster recovery, Recruitment, Project management, Security, Administration, Risk management, KPI reporting

Description

For our customer, we are looking for an Information Security Management System (ISMS) Consultant (m/f/d).

The contractor must be at a senior level in the compliance, risk and security management area, with proven experience in establishing information security management systems in large multinational organizations with KRITIS relevance, preferably in the energy sector.

Location: 80% remote, 20% onsite in Berlin / Frankfurt am Main
Full-time
Start: 18.08.2025

Tasks:
- Planning an ISMS landscape
- Implementation and operationalization of ISMS and GRC structures
- Audit preparation
- Certification preparation support
- Measuring and improving the ISMS

Must haves:
- 5+ years of work experience in the domain of Information Security Strategy, GRC and ISMS
- Profound experience in the design, implementation, integration and operations of ISMS
- Strong understanding and experience of ISMS development in the context of KRITIS, preferably energy sector
- Experience with implementing and auditing ISMS and GRC processes and further relevant artifacts like policies, procedures, etc.
- Strong understanding of applicable regulations, their implementation as well as the corresponding ecosystem and authorities (e.g. BNetzA, BSI, NIS-2, CRA, etc.)
- Strong understanding of information security risk management and the corresponding methods
- Strong project management skills
- Experience in developing relevant metrics and measurement methods (e.g. KPI, KRI and CSI)
- Good understanding of GRC technology and “automation-first” attitude
- Good understanding of cloud-native and hybrid paradigms and technologies
- Good understanding of technology in general, preferably also in regard to traditional OT environments
- Good understanding of security frameworks and best practices for the relevant technical and organizational context (e.g. CSA CCM, OSCAL, CIS, etc.)
- Experience with product-driven organizations
 
Must-have language skills:
Fluent English in speech and writing
 
Nice to haves:
- Relevant regulations for the energy sector (e.g. EnWG, BSI-KRITIS, etc.)
- Relevant standards, in particular for EU-based TSOs (e.g. IEC 61850)
- Experience as an auditor (e.g. for ISO 27001)
- Experience in the domain of business continuity management, BCMS and disaster recovery processes
- Relevant certificates (e.g. CISM, CISA, ISO 27001 Lead Implementer / Lead Auditor, etc.)
- German in speech and writing (IT subject area)

We are looking forward to your application at https://www.percision.de/projekt/8802/

Have a nice day!
Charlin Bugge
Recruitment Consultant
Web: https://www.percision.de
percision services GmbH
Agrippinawerft 26 (2.Etage)
50678 Köln

Start: 08.2025
Workload: 100% (5 days per week)
Duration: 5 months (extension possible)
From: percision services GmbH
Posted: 04.07.2025
Contact: Charlin Bugge
Project ID: 2894798
Industry: IT
Contract type: Freelance
Work mode: 80% remote