Specialist for data protection, information security, whistleblower protection, phishing simulation, vulnerability management.
Data Protection, Information Security Consultant
Location: Germany
Posted: 1 day ago
Salary: 0
Seniority: Senior
Job Description
Data Protection, Information Security Consultant
actago GmbH
- Advise national clients on implementing information security (VdS 10000, ISO/IEC 27001, BSI IT-Grundschutz, CISIS12)
- Advise on data protection projects and the implementation of the GDPR
- Communicate findings and results to clients
- Prepare and maintain data protection documentation as well as policies and work instructions
- Plan and deliver training and awareness programs
- Serve as a point of contact for data protection and IT law-related matters
Job Requirements
- Completed commercial, legal or IT training or a degree in a relevant field
- Professional experience in data protection or information security
- Motivation to develop subject-matter expertise
- Structured and goal-oriented working style
- Strong communication skills and a confident manner
- Willingness to travel frequently
- Business-fluent German
- Proficient with MS Office
Benefits
- Performance-based compensation
- Gym membership
- Company health management program
- Personal mentor
- Company car with private use
- Above-average occupational pension scheme
- Family-oriented work environment with home-office options
- Trust-based flexible working hours
- Opportunity to contribute your own ideas
- Excellent training and development opportunities
- Ergonomic workstations
- Free fruit and beverages
- Team events
More Security Engineer Jobs
- You win new customers and strategically develop existing customers
- You position our NTT DATA Security Services with Cisco technologies in a targeted way
- You manage the entire sales process, from needs analysis to closing
- You accompany customers as a Trusted Advisor
- You develop go-to-market campaigns and work the market proactively
- You work closely with Cisco and internal teams
- You represent NTT DATA at webinars, customer workshops and events
- You ensure a smooth handover to Delivery and lay the foundation for renewals and upselling
Account Executive – Cyber Security
Quota Crushers Agency - Sales Recruiters
We Recruit Quota Crushers & Presidents Club Champions, Not Just Sales People
- Own the full sales cycle from first conversation to procurement, legal, and close
- Build your own pipeline through outbound, warm introductions, existing relationships, events, and channel partners
- Open named target accounts quickly using your existing network
- Sell into buyers across Security, Legal, HR, Benefits, Executive Protection, and Corporate Risk
- Target direct enterprise opportunities, law firms, executive-protection firms, cyber-insurance carriers, benefits brokers, PEOs, and channel partners
- Work closely with the founder on early deals, then take full ownership of the sales process
- Help document what works so the company can build a repeatable sales playbook
- Bring real market feedback into the business from buyers, partners, and prospects
Role Description
As the Senior Manager, Information Security, you aren't just checking compliance boxes. You are the architect of FreshBooks' security compliance program, risk register, and governance processes. In this planner-and-operator leadership role, you will hold real authority to shape our multi-year security roadmap and drive cross-functional execution across Engineering, IT, Product, and Legal. You will serve as a trusted, analytical advisor on risk management, ensuring we scale securely by protecting our customers' data while strengthening the robust compliance frameworks that protect our users' trust. You view information security as a true business partner, employing your experience and creativity to enable FreshBooks' innovation in the most scalable, safest ways possible. This is an impactful role offering direct exposure to the Senior Leadership Team and Board as you safeguard our global operations.
Beyond the considerable impact of this role and the opportunity to truly shape one of our most fundamental programs, you believe in small business owners. You are motivated by FreshBooks' mission to make running a small service-based business easy, and have a strong desire to alleviate one of the stressors these business owners face.
Work location: This role can be worked remotely from within Canada.
Posting duration: To account for the Canada Day holiday 🇨🇦, we will accept applications until July 10 and will connect with successful applicants the following week. Thank you for your interest!
Qualifications
- 8+ years of experience in information security, with a strong focus on compliance, GRC, or security program management.
- 3+ years of direct people management experience with a proven track record of developing talent and building cohesive teams.
- Hands-on experience successfully navigating and owning PCI DSS and SOC 2 Type II audit cycles.
- Proven ability to operate an enterprise risk register and translate those risks into a prioritized Engineering and IT roadmap.
- Strong project and program management skills with a meticulous focus on driving accountability across Engineering, IT, Product, and Legal teams.
- Experience managing external specialists and consultants for point-in-time assessments or audit peak periods.
Requirements
- Own FreshBooks’ multi-year security strategy and roadmap, running it with strict program discipline to prioritize initiatives based on business impact.
- Oversee the PCI DSS and SOC 2 compliance programs to maintain clean attestations, while operating the enterprise risk register to guide remediation versus acceptance decisions.
- Lead and formalize our cross-functional AI Governance Council, defining the review framework for cutting-edge AI use cases and reporting on compliance KPIs.
- Turn raw ticket data into strategic insights by designing a highly efficient operating model with strict SLAs, reading queue trends to proactively steer our security strategy.
- Own the security metrics program from end-to-end, translating complex operational data into high-leverage, business-framed dashboards for our Senior Leadership Team and the Board.
- Manage, coach, and build the Information Security team while designing staffing plans that balance internal headcount with external specialists during peak audit cycles.
- Staff and lead the Security Steering Committee to drive critical organizational decisions regarding prioritization, resourcing, and policy approvals.
Company Description
Lead Security Engineer
Dev Technology
Dev Technology is a growing IT company with an employee-centric culture that works on mission-critical projects for the federal government. We partner with our federal customers to deliver technology services and solutions, and to drive our client’s missions forward through innovation. We use Agile and DevSecOps principles to provide services including application development, biometrics and identity management, cloud and infrastructure optimization, IT and legacy modernization, and data management.
Role Description
We are seeking a Subject Matter Expert (SME)–level Lead Security Engineer to lead application security across a large-scale, cloud-native federal modernization program. This role provides technical and management leadership on major security tasks, embedding security into every phase of the System Development Life Cycle (SDLC) using a DevSecOps methodology. The ideal candidate will architect and enforce Zero Trust principles, drive Authorization to Operate (ATO) activities, and direct application security testing, threat modeling, and vulnerability remediation across a System of Systems (SoS). This position interfaces with senior Government stakeholders and the Office of Information Security (OIS), and decision-making and domain knowledge may have a critical impact on overall program implementation. May supervise others.
- Lead the design and implementation of application security solutions, frameworks, and processes across all phases of the SDLC.
- Implement Zero Trust (ZT) principles for applications, workloads, and data, aligned with EO 14028, OMB M-22-09, and NIST SP 800-207 (Zero Trust Architecture).
- Integrate security into DevSecOps CI/CD pipelines, establishing security gates, automated code inspection, and supply-chain controls, including Software Bill of Materials (SBOM) generation.
- Direct Static and Dynamic Application Security Testing (SAST/DAST), vulnerability assessments, and penetration testing to identify, triage, and remediate security weaknesses.
- Lead threat modeling exercises to analyze application architecture, identify attack vectors, and document mitigation strategies throughout design, development, testing, and deployment.
- Support the Authorization to Operate (ATO) process, including security control assessment, artifact and evidence collection, Privacy Threshold Analysis/Privacy Impact Assessment support, and Plan of Action and Milestones (POA&M) management.
- Implement security controls in accordance with the NIST Cybersecurity Framework and NIST SP 800-53, and remediate identified vulnerabilities and compliance findings.
- Design and implement secure architecture patterns: secure API design, authentication/authorization, input validation, encryption, secure logging and monitoring (SIEM), and secure error/session/configuration management.
- Develop and maintain metrics, dashboards, and reporting to track application security posture, threat trends, and remediation progress over time.
- Support the development and management of Interagency Security Agreements (ISA), security playbooks, and incident response in accordance with current cybersecurity policies.
- Collaborate with application developers, data engineers, systems engineers, and OIS to identify and mitigate vulnerabilities, and provide expert security consultation to development teams.
- Assist in FedRAMP certification activities and the assessment/remediation of independent penetration testing results, as applicable.
Qualifications
- Bachelor’s degree in Information Technology, Computer Science, Cybersecurity, or a related field.
- 15+ years of relevant IT/cybersecurity experience, providing technical and management leadership on major tasks or technology assignments (SME level).
- Certified Information Systems Security Professional (CISSP).
- Certified Cloud Security Professional (CCSP).
- Demonstrated expertise in integrating security into a DevSecOps SDLC, including CI/CD security gates and automated security testing.
- Hands-on experience implementing Zero Trust Architecture and applying NIST SP 800-53 controls and the NIST Cybersecurity Framework.
- Proven experience leading vulnerability assessments, penetration testing, and threat modeling for enterprise applications.
- Experience supporting the ATO lifecycle and managing POA&Ms, security artifacts, and evidence collection.
- U.S. Citizenship required.
Preferred Skills and Experience
- Certified Information Security Manager (CISM).
- Certified Information Systems Auditor (CISA).
- Experience generating Software Bill of Materials (SBOMs) and implementing software supply-chain security controls.
- Familiarity with SIEM deployment, container/image hardening, and secure baseline configuration.
- Experience in large-scale, multi-cloud federal environments and FedRAMP processes.
- Strong analytical, problem-solving, written, and verbal communication skills, including the ability to brief senior Government stakeholders.
Benefits
- Generous and flexible time-off policy.
- Flexible work schedules and telework options, including remote work availability for eligible projects.
- Career development opportunities including a mentorship program, technical and management training through Dev University, hands-on learning through DevLab, tuition reimbursement, and paid training opportunities.
- Industry-leading benefits including a choice of two health plans that include dental and vision, flexible spending account, commuter benefits, life insurance, and more.
- 401K matching with a 5% matching contribution.
- Regular team and company social events including our annual party, happy hours, fitness challenges, and more.
- A focus on community engagement including company-wide support activities, employer match for donations, and time off for volunteer efforts.


