Information Security Consultant (m/f/x)

At commercetools, we are:

Engaged: We didn't become the fastest growing, highest ever valued SaaS software company in digital commerce with nearly 100% year-over-year growth by sitting on the sidelines.

Inspired: We continually explore what's possible. As the founder of the headless commerce concept, the leader in true composable commerce, and the visionaries behind MACH® — our patented tech has radically disrupted the world of enterprise ecommerce software. And we are just getting started!

Valued: Intelligent, resilient, passionate individuals hailing from over 50 countries across the globe, speaking over 43 languages, and collectively embracing diversity, encouraging inclusion, and fostering a culture of care.

The Opportunity:

In our dynamic and growing company, information and data security is a very important topic for both our customers and for commercetools. As our Information Security Consultant, you will use your innovative mindset to raise our ISMS to the next level and evolve our high information security standards and processes. If you enjoy implementing further standards in regards to risk management, apply now!

This is a hybrid role located in either our Berlin or Munich office, with at least one day per week in the office required.

Your Mission:

• Ensure information security and data protection within commercetools’ business units
• Maintain our Information Security Management System (ISMS): security documents, procedures, guidelines, awareness training, and measures in the area information security
• Support business units in conducting security assessments and other security topics
• Check assets and evaluate risks related to those assets
• Work directly with the business units and their stakeholders to support risk assessment and risk management processes
• Maintain and evolve our security and compliance solution OneTrust
• Support internal and external audits
• Assist our business units to keep our ISMS up to date

What you need to succeed:

• 2+ years professional experience and strong affinity to the areas of information security and IT
• Knowledge and good understanding of ISO 27001
• Experience in either implementing or maintaining an ISMS 
• Deep understanding of complex IT environments, IT processes, and systems
• Willingness to learn additional information security standards and requirements (like SOC2, NIST, HDS, HIPAA, etc.)
• Ability to familiarize yourself with technical and legal topics of information security
• Motivation, flexibility, and an analytical approach
• Fluent English language skills

Nice to have:

• The successful completion of a degree in the field of information security, computer science, economics, or law, or relevant experience plus certifications
• Familiarity with Atlassian Confluence / Jira
• Experience with OneTrust or other closely related GRC tools
• Previous experience working in an e-commerce or SaaS company
• Fluent German language skills

We care about your Growth and Well-being

💰 Competitive compensation package: Generous compensation structure consisting of salary, competitive stock option package, various benefits  and perks

☀️ Remote Work: Up to 60 days/year from a country different from your base country  

💻 Open Learning & Development Budget

📚 ct Academy: Regular internal training sessions

🙌 Our Benefits: Check them out here

⌚️ Flexibility: Morning person or night owl? We believe in outcome and motivated employees

🚀 Mindset & Growth: A diverse workspace with an open, international culture & learning environment

Are you ready? Come grow with us!

🔍 Are you looking for something else? Check out our Career Page and our Website for more information.

We are all different and that is what makes us stronger! We hire great people from a wide variety of backgrounds, not just because it’s the right thing to do, but because it makes our company better.

commercetools celebrates being a diverse environment and is proud to be an equal opportunities employer. If your professional profile aligns with our specific hiring requirements and company culture, then we encourage you to apply. We will assess your competencies, future potential, approach to learning and self-development and passion, and not your age, color, national origin, religion, gender, gender identity or expression, sexual orientation, familial status, genetics, or disability.