Job Description
Step out of your comfort zone, excel and redefine the limits of what is possible. That's just what our employees are doing every single day – in order to set the pace through our innovations and enable outstanding achievements. After all, behind every successful company are many great fascinating people.In a spacious modern setting full of opportunities for further development, ZEISS employees work in a place where expert knowledge and team spirit reign supreme. All of this is supported by a special ownership structure and the long-term goal of the Carl Zeiss Foundation: to bring science and society into the future together.
Join us today. Inspire people tomorrow.
Diversity is a part of ZEISS. We look forward to receiving your application regardless of gender, nationality, ethnic and social origin, religion, philosophy of life, disability, age, sexual orientation or identity.
Apply now! It takes less than 10 minutes.
Corporate Information Technology (CIT) at the Carl Zeiss Group is a central part of the company's strategy, developing and implementing innovative IT solutions to enhance efficiency and competitiveness. By working closely with various departments, CIT ensures that technological advancements and digital transformations are seamlessly integrated into business processes.
-
Defines, develops and reviews information security policies, procedures, guidelines, forms and templates together with the related Subject Matter Experts.
-
Recommends and develops measures to ensure compliance with ISO 27001 as well as other applicable in-formation security requirements and frameworks.
-
Improves the Information Security Risk Management process and executes Information Security Risk Assessments and Analysis to make sure appropriate measures are taken in order to treat identified Information Security Risks.
-
Further develops and implements Information Security Auditing across all ZEISS legal entities and locations together with the responsible Regional and Business Information Security Officers.
-
Supports communication of all matters relating to the ZEISS Information Security Program into all Businesses and Regions.
-
Drives further development of the ZEISS GRC tool.
The Information Security Manager is a member of the InfoSec Certifications and Governance team (CIT-IC) within Corporate Information Security (CIT-I) at Carl Zeiss AG and reports directly to the Head of Information Security Certifications and Governance. The InfoSec Certifications and Governance team is responsible for developing, implementing, and maintaining the ZEISS Information Security Program within the ZEISS Information Security Organization. The ZEISS Information Security Program is aligned with well-known international frameworks and standards and considers requirements from all business functions across the ZEISS group as well as regulatory requirements. Furthermore, the team's responsibilities include Governance, Risk and Compliance Management, Information Security Audit Management, and ISMS operation. The Information Security Manager is responsible for further development and operation of the ZEISS Information Security Program in areas such as the ZEISS Information Security Management System Process, the ZEISS Policy Framework and Information Security in Supplier Relationships.
-
University degree in Information Security, Cybersecurity, Computer Science, or a related field—or equivalent combination of education and substantial hands-on experience.
-
Minimum of 7 years of progressive experience in Information Security or related areas (e.g., ISMS, GRC, ISO 27001, auditing).
-
Deep expertise in designing, implementing, operating, and maintaining ISO/IEC 27001-compliant ISMS, including re-certifications in multinational environments.
-
Proven track record in delivering strategic security initiatives aligned with global business and regulatory requirements.
-
Strong analytical and problem-solving skills with the ability to navigate complex security challenges.
-
Experience in managing Information Security KPIs, governance frameworks, and executive-level reporting.
-
Solid understanding of compliance across international legal and regulatory landscapes (e.g., GDPR, NIS2, SOX).
-
Excellent communication and leadership skills, with the ability to influence stakeholders across technical, business, and executive levels.