Head of Security Certification Management (f/m/d)

Hinterm Hauptbahnhof 3-5, 76137 Karlsruhe

At IONOS, the leading European provider of cloud infrastructure, cloud services and hosting services, you will work together with a wide range of teams. We are characterized by open structures, a friendly working culture and flat hierarchies with a strong team spirit. We firmly believe that work and fun are compatible, and offer you the right environment for this. Our constant growth means that we are always looking for new colleagues. Become part of IONOS and grow with us.

The Challenge

As a leading European hosting provider, our infrastructure is the backbone of our customers' digital presence. We operate in a regulated environment where ISO27001, KRITIS and NIS2 are not just acronyms, but core operational requirements. Your challenge is to build a "Compliance-as-Code" culture — ensuring our distributed team of 10+ GRC professionals enables our engineers to move fast while remaining rock-solid against audits. Be the driver that moves the organization from "reactive" (audit-driven) to "proactive" (risk-driven).

Tasks

  • Leadership & Scale: Mentor and lead a high-performing, distributed GRC team (10+ direct FTEs) and an indirect organization of 50+ people. Transition the team from manual evidence gathering to automated, data-driven oversight.
  • End-to-End ISMS Lifecycle Ownership: Hold full accountability for the design, implementation, and continuous improvement of the management system.
  • Integrated Management System (IMS): Lead the team to architect a unified IMS that bridges ISMS, Risk Management, and BCM.
  • Regulatory Authority: Act as the primary interface for the BSI (Federal Office for Information Security). Own the implementation of NIS2 and KRITIS across our international brands and products.
  • Security Audits & Evidence: Drive ISO27001 re-certifications, TKG and BSIG (KRITIS) audits. Move us toward continuous compliance with real-time dashboards for executive reporting.
  • Third-Party Risk (TPRM): In the hosting world, our supply chain is critical. Refine our vendor risk management to meet the stringent requirements of NIS2 and CRA.
  • Partner with Development teams to integrate machine learning algorithms, leveraging AI tools to enhance customer-facing operations and internal workflows.

Qualifications

  • Senior Tech Leadership: 5+ years in GRC/Security, ideally with experience in the Hosting, SaaS, or Cloud sectors. You understand the difference between a "paper" ISMS and an operational one.
  • Strategic Vision: Ability to define a 3-year roadmap for GRC maturity to ensure it evolves with the business, moving the organization from "reactive" (audit-driven) to "proactive" (risk-driven).
  • Framework Mastery: Hands-on experience with ISO 27001, NIS2 & BCM. You know how to map these frameworks to avoid double work.
  • Regulatory Expert: You have successfully navigated ISO27001/KRITIS audits and are currently preparing (or have implemented) NIS2 strategies.
  • Tooling Visionary: You prefer GRC tools (like Auditboard) over Excel. You understand how to use APIs to pull compliance evidence directly from Jira.
  • AI Vision: You envision how Artificial Intelligence can enhance GRC best practices and you are familiar with tools and applications.
  • People Management Experience: You know how to build up a network in a group with 10+ locations and are used to reporting to all different levels of management.
  • Languages: Native/Professional German and fluent English.

Why This Role?

  • High Visibility: You report directly to the Group CISO and have exposure to the Board of Management. Your work directly impacts our ability to sign major enterprise and public-sector contracts.
  • Complexity at Scale: We aren't just securing an office; we are securing a massive, distributed and international infrastructure that powers thousands of businesses.
  • Innovation: We want a leader who drives the team to automate the "boring" parts of GRC and leverage Artificial Intelligence, so that we can focus on high-level strategic risk.

Location: Berlin or Karlsruhe

Benefits

  • Hybrid working model with home office option.
  • Flexible working hours through trust-based working hours.
  • At some locations a subsidized canteen and various free drinks.
  • Modern office space with very good transport connections.
  • Various employee discounts for activities and products.
  • Employee events such as summer and winter parties, as well as workshops.
  • Numerous training and development opportunities.
  • Various health offers, such as sports and health courses.

About IONOS

IONOS is the leading European digitalization partner for small and medium-sized businesses (SMB). The company serves around six million customers and operates across 18 markets in Europe and North America, with its services being accessible worldwide. With its Web Presence & Productivity portfolio, IONOS acts as a 'one-stop shop' for all digitalization needs: from domains and web hosting to classic website builders and do-it-yourself solutions, from e-commerce to online marketing tools. In addition, the company offers Cloud Solutions to enterprises who are looking to move to the cloud as their businesses evolve. 

We value diversity and welcome all applications - regardless of, for example, gender, nationality, ethnic or social origin, religion, disability, age as well as sexual orientation and identity, physical characteristics, marital status or any other irrelevant factor subject to applicable law.

 
