Mesalvo – Die Healthcare-IT-Experten.
Head of Security
Location
Germany
Posted
5 days ago
Salary
0
Seniority
Lead
Job Description
Head of Security
Mesalvo GmbH
• You will strategically develop information security and data protection, shaping an effective ISMS according to ISO/IEC 27001 and a privacy organization aligned with the GDPR. • You will advise management, IT and business units as a trusted sparring partner and support projects with pragmatic, secure solutions. • You will assess risks, derive appropriate measures and ensure sustainable improvement of security and data protection processes. • You will embed Security by Design and Privacy by Design into IT, processes and product development. • You will develop and maintain policies, processes and documentation in a practical and easy-to-understand manner. • You will support audits, ensure compliance with regulatory requirements and drive measured improvements. • You will coordinate security incidents and data breaches, analyze root causes and implement effective remedial actions. • You will promote an open security and privacy culture through advisory services, training and awareness activities — working collaboratively, solution-oriented and with the aim of making a real impact.
Job Requirements
- You have hands-on experience in information security and data protection and enjoy implementing security requirements in a pragmatic, solution-focused way.
- You are motivated to drive change, advance improvements and view information security as support for the business, not merely a compliance task.
- You are familiar with cyber security, cloud environments, protection of sensitive data and relevant data protection requirements.
- You have practical, hands-on experience handling security risks and conducting vulnerability assessments.
- Ideally, you have a background in software development and can discuss technical issues with development teams on equal terms.
- You are comfortable using modern collaboration tools such as Confluence and Jira and use them for structured documentation and tracking of measures.
- You communicate confidently in German and English and can convey complex security and privacy topics in an understandable way.
Benefits
- Flexible working hours: In agreement with your team, you can decide when your day starts.
- Remote work: Mobile working, home office or up to 20 days per year working from abroad — you decide where you feel most comfortable.
- Employee benefits: From job bike schemes to gym memberships — we support your physical activity.
- Health promotion: Enjoy a range of offerings that support your well-being — because people are our focus.
- Events: To keep things fun, we regularly organize company runs, team events and holiday parties.
- Onboarding: Careful onboarding by a friendly and open team — who will be available to support you throughout the onboarding process.
Related Guides
Related Categories
Related Job Pages
More Security Engineer Jobs
VP, Facilities, Security & HSE – Global
QuantinuumQuantinuum is a leading quantum computing company focusing on advancing the development and application of quantum technologies. With the goal of delivering pra
• Develop and execute global facilities and real estate strategy aligned to business growth and innovation priorities. • Oversee site selection, lease negotiations, capital projects, and portfolio optimization. • Lead design, construction, and operation of complex environments including laboratories, cleanrooms, and technical facilities. • Drive cost efficiency, vendor performance, and long-term asset planning. • Ensure reliability and uptime of critical infrastructure systems (e.g., HVAC, power, specialized lab systems) • Partner with engineering and R&D teams to support advanced technical equipment and experimental environments. • Establish standards for maintenance, lifecycle management, and capacity planning. • Lead global physical and cyber security strategies, including access control, surveillance, incident response, and risk mitigation. • Protect people, intellectual property, and sensitive assets across all sites. • Coordinate with cybersecurity, legal, and compliance teams on integrated risk management. • Build and maintain a world-class HSE program ensuring compliance with all local, national, and international regulations. • Promote a proactive safety culture across laboratories, manufacturing, and office environments. • Oversee risk assessments, audits, training, and incident management. • Lead and scale a high-performing, multidisciplinary global team. • Establish policies, KPIs, and governance models for facilities, security, and safety operations. • Partner with executive leadership on risk, continuity planning, and enterprise resilience. • Manage budgets, capital investments, and vendor relationships.
Role Description Cybersecurity Program Management - Lead coordination efforts with Information Security and Governance Risk & Compliance (GRC) leadership to strategically plan, execute, and oversee cybersecurity initiatives, ensuring alignment with company-wide objectives and regulatory compliance. - Direct and refine ongoing continuous monitoring requirements to ensure effectiveness and audit readiness. - Help lead and participate in FedRAMP audits, driving documentation strategy, POA&M tracking, and interdepartmental reporting between vendors, internal teams, and Security leadership. - Guide the team in identifying and prioritizing improvements for NIST 800-53 control effectiveness and maturity. - Coordination of risk assessments, vulnerability management activities, and security training schedules in collaboration with key stakeholders. IT Program Management - Partner and collaborate across the organization to align on strategic objectives and shape roadmaps IT and Security navigating complex, high-impact projects, with agility to re-prioritize as needed. - Drive initiatives to streamline operational efficiency, and maximize software utilization across the enterprise. Governance, Risk, and Compliance (GRC) - Collaboration with the GRC team to ensure policies, procedures, and standards are proactively updated to maintain alignment with evolving compliance frameworks. - Facilitate security risk assessments, ensuring thorough documentation of critical risks and establishing measurable strategies to drive risk mitigation and accountability. Incident Response - Provide strategic input in incident response planning and execution, contributing to the design of response processes and assisting in escalation and resolution of security incidents as needed. Project Management - Drive delivery of complex, cross-functional projects—from requirements gathering through implementation—defining schedules, scopes, and mitigation plans for enterprise-level initiatives. - Demonstrate expert-level capability in managing multiple, concurrent initiatives with conflicting priorities and tight deadlines, ensuring alignment with organizational goals. - Optimize use of project management tools such as Jira or Notion to enhance transparency, reporting, and collaboration. Qualifications - 10+ years of progressive experience in cybersecurity, FedRAMP, or IT program management with a proven track record of leading large-scale security or compliance programs. - Demonstrated leadership in Program Management related activities, including continuous monitoring, documentation, and third-party assessments. - Deep expertise in NIST frameworks (800-53, 800-30, 800-161) with the ability to advise teams and influence policy and control implementation. - Experience overseeing multiple compliance programs (e.g., SOC 2 Type 2, HIPAA, SOX ITGC) and ensuring cross-functional coordination for audit readiness. - Strong executive communication skills with the ability to present complex security topics to both technical and non-technical audiences. - Advanced problem-solving, strategic thinking, and decision-making abilities in complex IT environments. - U.S. citizenship required due to federal compliance. - Must meet identification verification requirements prior to start. - Demonstrated ability to thrive in high-pressure, fast-paced environments while managing competing priorities. - Open to Remote candidates. Preferred - Industry-recognized certifications such as CISA, CISSP, or PMP. - Experience with security and monitoring tools such as Jira, Splunk, Tenable, and Trend Micro. - Strong knowledge of cloud architectures, especially AWS and associated services. Compensation Range $144,000 — $195,000 USD A candidate’s final salary offer will be based on their skills, education, work location and experience, and thus it may differ from the posted range. Compensation may also include bonuses consistent with Ceribell’s corporate compensation plan. Note, the above description is not all-encompassing and Ceribell reserves the right to change or modify job duties and assignments at any time. Benefits - Performance-based incentive compensation (varies by role) - Equity opportunities - 100% Employer paid Health Benefits for Employees - 50% - 70% Employer paid Health, Dental & Vision for dependents (depending on plan selection) - 100% paid Life and Long-Term Disability Insurance - 401(k) with a generous company match - Employee Stock Purchase Plan (ESPP) with a discount - Monthly cell phone stipend - Flexible paid time off - 13 Paid Holidays + 3 Company Wellness Days - Excellent parental leave policy - Fantastic culture with tremendous career advancement opportunities - Joining a mission-minded organization! Application Deadline Ongoing Other Job Details Ceribell reports transfers of value to health care providers (HCPs) as required by federal and state transparency laws. These laws and implementing regulations require Ceribell to provide government agencies with HCPs’ names, addresses and the type of payments or other value received, generally for public disclosure. If you are an HCP and we pay or reimburse your recruiting expenses as a result of interviewing with Ceribell, your name, address and the amount of payments made may be reported to the government. Equal Opportunity Employer Ceribell is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex (including pregnancy, childbirth and related medical conditions), sexual orientation, gender identity or expression, national origin, age, marital status, disability, veteran status or any other characteristic protected by law. Ceribell complies with all applicable national, state and local laws governing nondiscrimination in employment as well as work authorization and employment eligibility verification requirements of the Immigration and Nationality Act and IRCA. Ceribell is an E-Verify employer. Any applicant with a disability who requires an accommodation during the application process should contact talent@ceribell.com to request reasonable accommodation. Privacy Statement For information on how Ceribell processes personal data of job applicants, please review our Privacy Policy. Compliance Disclaimer If you believe this job posting is non-compliant, please submit a report to legal@ceribell.com. Please note that we will not respond to inquiries unrelated to job posting compliance.
Product Cybersecurity Engineer
May MobilityTransforming cities through autonomous technology to create a safer, greener, more accessible world.
• Integrate security practices — threat modeling, architecture reviews into product development workflows from requirements through release. • Provide early security input on hardware, firmware, and software design decisions, including third-party and supply chain risk considerations. • Write, review, and validate security requirements across hardware and software domains; enforce secure coding standards and perform security analysis on main compute systems. • Assist with maintaining Software Bill of Materials (SBOM) and Hardware Bill of Materials (HBOM) using dedicated SBOM tooling to ensure component visibility, vulnerability tracking, and supply chain transparency across products. • Apply security lenses during safety and functional assessments in collaboration with safety, systems, and software teams. • Assist in proactive vulnerability patching and support secure update strategies using product security tooling for threat modeling and risk profiling. • Conduct hazard and threat analyses (TARA/HARA) early in the architecture and development lifecycle. • Analyze and harden the security architecture of vehicle subsystems and autonomous stacks; define system- and product-level security requirements and ensure validation coverage. • Assist senior level engineers with Ethernet, in-vehicle networking, and cloud interface configuration, including port security and network segmentation. • Maintain working knowledge of R155/156, ISO 21434 and UL 4600; support internal audits, risk assessments, and compliance documentation. • Engage with Auto-ISAC to track emerging threats, attack vectors, and industry best practices. • Work across teams such as cybersecurity, hardware, and product engineering — providing architectural security design feedback. • Assist with fostering a security-first culture across the organization through integrated best practices and awareness programs. • Perform additional responsibilities as directed by your manager.
Director of Cybersecurity
Voyager TechnologiesDelivering transformative, mission-critical solutions from ground to space.
• Develop and execute Voyager's cybersecurity strategy, roadmap, governance model, and operating rhythms. • Lead enterprise security programs that protect corporate systems, engineering environments, cloud services, collaboration platforms, and regulated data. • Translate business, program, and government requirements into practical cybersecurity priorities, policies, controls, and investments. • Report security posture, risks, incidents, remediation progress, and strategic needs to the CIO and senior leadership. • Lead security monitoring, alert triage, incident response, forensics coordination, vulnerability management, threat intelligence, and remediation tracking. • Establish incident-response playbooks, tabletop exercises, escalation paths, and communication protocols for security events. • Oversee SIEM, EDR, email protection, vulnerability scanning, identity protection, logging, and related security tooling. • Partner with IT operations and networking teams to reduce attack surface, strengthen endpoint hygiene, and improve detection and response. • Serve as a security architecture leader for application, cloud, identity, network, endpoint, and collaboration initiatives. • Guide secure design for Microsoft 365, GCC High or government-cloud environments, identity platforms, endpoint management, and network segmentation. • Drive risk assessments, control design, exception management, and remediation prioritization across enterprise systems. • Evaluate emerging technologies and security products that improve Voyager's resilience, visibility, and operational effectiveness. • Partner with compliance, legal, contracts, and program teams to support CMMC, NIST SP 800-171, DFARS, ITAR/EAR, CUI, NASA, and DoD security obligations. • Ensure security controls and evidence support audit readiness, government reviews, prime contractor assessments, and proposal requirements. • Support secure handling of controlled unclassified information, export-controlled technical data, and classified-program requirements as applicable. • Coordinate cybersecurity requirements with facility security, program security, and enterprise risk stakeholders. • Build, lead, and develop cybersecurity talent, including internal staff, external partners, and managed security providers. • Manage security vendors, contracts, budgets, licensing, and technology performance. • Communicate clearly with technical teams and executive audiences, including in sensitive or time-critical situations. • Promote a security culture that is practical, mission-aware, and focused on enabling Voyager teams to move quickly and safely.


