• Conduct comprehensive security and third-party risk assessments to ensure initiatives align with MFA policies, standards, and regulatory requirements, including HIPAA, HITRUST, HITECH, and other applicable healthcare regulations • Identify risks and recommend remediation strategies using risk-based prioritization, mitigating controls, and continuous improvement methodologies • Evaluate, develop, and recommend information security assessment tools, processes, and techniques • Develop and deliver HIPAA security training and awareness programs • Collaborate with internal stakeholders to identify, track, manage, and report security risks • Build, enhance, and support security operations capabilities, including monitoring and response • Develop, implement, and maintain security policies, standards, and procedures to support enterprise-wide risk mitigation • Contribute to and maintain best practices, methodologies, documentation, and templates • Support and coordinate compliance-focused programs and initiatives across the organization • Mentor and support team members on information security practices and standards • Support environments that include hybrid on-premises infrastructure, cloud platforms, and SaaS solutions • Participate in a 24x7 on-call rotation for Information Security • Perform other duties as assigned that are consistent with the role and organizational needs

• Du analysierst Kundenanforderungen im Bereich Daten- und Informationssicherheit, entwickelst maßgeschneiderte Lösungen mit Microsoft Purview und unterstützt als strategische r Sparringspartner in beim Aufbau langfristiger Data-Security-Strategien. • Heißt konkret: du berätst proaktiv, implementierst die Lösungen zusammen im Team und entwickelst konkrete Use Cases, um die Strategien praxisnah umzusetzen. • In Workshops und Trainings vermittelst du praxisnahes Wissen und zeigst unseren Kund:innen, wie z.B. GenAI, Copilot & Co. sicher mit Microsoft Purview abgesichert werden können. • Du beobachtest Markttrends, leitest daraus Use Cases und Business Cases ab und bringst neue Geschäftsmöglichkeiten aktiv in unser Setup ein. • Dabei lebst du ein echtes Presales-Mindset: Lösungen überzeugend präsentieren, positionieren und verkaufen – direkt beim Kunden, auf Events, Roundtables oder Bühnenauftritten. • Gleichzeitig unterstützt du dein Team als Mentor*in, teilst Wissen und förderst die Weiterentwicklung der Kolleg:innen.

• As part of a newly created staff unit, you will take on a key role as Information Security Officer in ensuring information security and will help us further develop and maintain our standards. • You will be responsible for establishing, managing and continuously advancing a company-wide IT security strategy. • You will position IT security as a competitive advantage for chargecloud in the SaaS market. • Develop and maintain a company-wide security strategy that meets our high standards and regulatory requirements. • Define and implement security principles, policies and standards that create a clear foundation for information security across the company. • Take technical responsibility for our Information Security Management System (ISMS) and its continuous improvement. • Support and prepare ISO 27001 audits, including creating the necessary documentation and reports. • Provide technical leadership and work closely with central IT, platform, cloud and engineering teams to translate security requirements into actionable technical measures. • Apply hands-on technical skills, e.g., in Identity & Access Management (IAM), CI/CD pipelines, and cloud and platform architectures to implement security solutions effectively. • Be responsible for compliance topics, particularly with regard to regulatory requirements.

• Protect assets and reduce risk across both public cloud infrastructure and physical warehouse operations. • Ensure effective controls are implemented, adhering to SOC 2 and ISO 27001 standards. • Collaborate with DevOps, IT Operations, and Warehouse Operations teams to build a security-first culture. • Use cloud-native security tools to detect threats, vulnerabilities, and misconfigurations. • Lead technical implementation of security controls required for SOC 2 Type II and ISO 27001 certification. • Review and promote adherence to security policies, ensuring they are practical and enforced. • Automate security control evidence for compliance/audit purposes. • Evaluate third-party software and logistics hardware vendors. • Collaborate with network engineers to secure infrastructure at warehouses locations. • Implement security protocols for warehouse technologies. • Manage and audit physical and logical access controls for warehouse staff. • Oversee Identity and Access Management (IAM) to ensure secure authentication for users, apps, devices, and cloud resources. • Collaborate with the DevOps team to ensure effective SAST/DAST scanning of repos and CI/CD pipelines.