• A dynamic, international environment
• Opportunities for professional growth and development
• The chance to make a real impact in a fast-moving industry
• Moving cost support for new employees in accordance with policy
• Good connections to public transport – station in direct proximity
• INNIO e-Motion program - e-cars for private use with various rent periods
• Attractive location in the heart of the alps which provides various outdoor sport and other leisure possibilities

Your Responsibilities:

• Lead the company’s information security operations and incident management program, ensuring clear ownership, prioritization, and timely resolution of all security events
• Chair incident reviews and post-incident retrospectives; convert findings into durable improvements (controls, playbooks, processes, and training)
• Own the information security risk management lifecycle (identification, analysis, treatment, reporting) and keep risk registers and asset mappings current
• Set and track KPIs (e.g., MTTD/MTTR, containment time, audit finding closure, control effectiveness); publish executive-ready dashboards and status updates
• Govern external security providers (e.g., MDR/monitoring partners): define SLAs, review performance, and drive continuous service improvement
• Direct the automation roadmap for incident handling and case management (prioritize high-value use cases, standardize workflows, and reduce manual effort)
• Maintain ISMS alignment and audit readiness (ISO 27001/27005); coordinate evidence, policies, and corrective actions with Compliance, Legal, HR, and IT
• Drive identity, endpoint, and directory hardening programs in partnership with Infrastructure teams; align improvements with measurable posture targets
• Plan and lead tabletop exercises and crisis communications with relevant stakeholders; ensure role clarity, escalation paths, and rehearsed response
• Champion security awareness and training initiatives tailored to incident patterns and emerging risks

Your Profile:

• 7+ years across information security operations, incident response, and risk management, including 2+ years leading teams and/or providers
• Hands-on governance experience with ISO 27001/27005 and an ISMS (policy lifecycle, internal audits, corrective actions)
• Practical use of GRC/IR tooling for workflows, dashboards, and reporting
• Working knowledge of common enterprise security stacks (e.g., EDR/MDR, log analytics/SIEM, identity/AD, M365 security) sufficient to challenge designs and set priorities
• Strong vendor management, contract/SLA governance, and budget planning skills; excellent communication and stakeholder influence
• A valid work permit for Austria is a prerequisite for this position (Non-EU citizens: please attach the work permit to the application)

Desired Experience:

• Familiarity with NIS2 expectations, MITRE ATT&CK-aligned control mapping, and maturity assessments
• Background in designing and scaling automation/orchestration for incident handling and reporting
• Experience improving Microsoft Secure Score (or similar posture metrics) and leading hardening programs (identity, endpoint, cloud)
• Relevant certifications (e.g., CISM, CISSP, ISO 27001