We Dream. We Do. We Deliver.

We are a leading data-driven & technology-enabled full-service agency that specializes in the delivery of unique, personalized customer experiences across various platforms and devices. We partner with the Top 500 companies in the DACH region as well as in Eastern Europe and focus on customer experience transformation & CXM.

Our 1800 digital enthusiasts are innovating the way brands are built, through providing expertise in Digital Transformation strategy, MarTech platforms, Creativity, UX, CRM, Data, Commerce, Mobile, Social Media, Intranet and CMS. We are part of the global Merkle brand, the largest brand within the dentsu group, who shares with us a network of over 66,000 passionate individuals in 147 countries.

• Act as key member for Information Security to implement, report and follow up on risk reduction activities with projects and BAU; and work together with key partners to lead all aspects of security improvement activities.
• Engages with business partners from the Product function on projects and activities that require Information Security expertise and advice.
• Engage with business and IT platform peers throughout system lifecycle on "security-by-design" and "privacy-by-design" concepts, methods and tools.
• Perform active governance on key security metrics for systems under his/her responsibility.
• Perform or take accountability for general IT control activities in scope of the solutions including evaluating 3rd party cyber maturity and performing ongoing vendor risk governance.
• Lead security awareness trainings and provide coaching, trainings, promoting webinar attendance or similar activities to raise the security awareness of the function
• Take accountability or responsibilities of tasks required for the resolution of cyber incidents in impacting solutions under his/her responsibility, from identification to eradication, working closely with central/platform IT teams and InfoSec (e.g. SOC and IRM)
• Perform risk assessments and vulnerability management activities for functional support areas. Manage, monitor, and report on the full lifecycle of risk management at the system or platform level, from identification to closure.
• Drives cybersecurity resilience activities in the assigned functional domain (e.g. back-up, restored, Disaster Recovery)
• Support during internal or external audits.
• Support the Qualification and Validation activities required for GxP systems
• Ensure information security standards are applied to Laboratory Systems and Instruments

• Sound experience in an information security, IT risk management or IT audit function within a large organization
• Proven track record in supporting development teams throughout all phases of secure systems development life cycle (design, development, maintenance)
• Good knowledge of typical application design patterns (e.g. web, mobile, thick client, etc.)
• Good understanding of cloud computing architectures (e.g. SaaS, IaaS, PaaS, FaaS) and their corresponding characteristics in terms of information security
• Good understanding of modern technologies such as IoT, Machine learning, automation.
• Knowledge of basic identity and access management concepts (e.g. single-sign on, identity federation) and standards (e.g. SAML, OAuth 2.0, OpenID)
• Familiarity with most common web application security issues (e.g. OWASP top 10)
• General understanding of regulatory requirements (e.g.GxP, FDA) and their impact on systems.

If you feel inspired by us, we will probably be inspired by you. Join us now and apply online to make sure we match each other’s expectations. We value diversity and are committed to creating an inclusive environment. We welcome all qualified candidates - regardless of your gender or background, please indicate your salary expectations and possible entry date. We look forward to hearing from you!

Personal consultancies - we only work with selected partners.

All your information will be kept confidential according to EEO guidelines.