Information Security and Data Protection Officer (f/m/d)
We are status quo breakers, game changers and pathway makers!
With our health platform myoncare, we are transforming the healthcare market and, as a leading ecosystem, we want to enable excellent healthcare support for all patients in the world.
How do we do that?
People are at the center of everything we do!
We connect all the players in the healthcare system to ensure that patients receive the right therapy, at the right time and to the right extent. All with the commitment and consent of the patient.
Myoncare collects clinical patient data thanks to audited blockchain, without its own access, and ensures its security through encryption. For the first time, all patient care functions that previously existed as individual solutions or in incomplete form are bundled into one application!
We have big plans - today and tomorrow! And that's why we are looking for innovators, change-makers and minds that are ready to take on new challenges.
Talent and commitment are the key and that's why we need YOU! Come join the team and help us realise our mission.
Myoncare offers you a space to flex your problem-solving muscles, develop and expand your skills and work on projects that really matter so you can grow with us.
Experience the digital revolution of the healthcare system first-hand as our new Information Security and Data Protection Officer (f/m/d).
- Risk Assessment and Management: Identify, assess, and manage information security risks within the organization. This includes evaluating threats, vulnerabilities, and potential impacts on data and systems.
- Policy Development: Develop and enforce information security policies, procedures, and guidelines that align with organizational goals and address identified risks.
- Access Control: Implement access control measures to ensure that only authorized individuals have access to sensitive data and systems. This may involve user authentication, authorization, and monitoring.
- Incident Response: Establish an incident response plan to effectively detect, respond to, and mitigate security incidents such as data breaches, cyberattacks, and system vulnerabilities.
- Security Awareness and Training: Conduct training and awareness programs to educate employees about security best practices and their responsibilities in maintaining information security.
- Security Monitoring and Auditing: Continuously monitor and audit security controls and systems to identify and mitigate vulnerabilities and security breaches.
- Compliance Management: Ensure that the organization complies with relevant regulatory requirements and industry standards, such as GDPR, HIPAA, or ISO 27001.
- Documentation and Record Keeping: Maintain proper documentation of security policies, risk assessments, incident reports, and other relevant information security activities.
- Security Testing and Assessment: Perform security assessments, penetration testing, and vulnerability scanning to identify weaknesses in the organization's security posture.
- Security Governance: Establish a governance framework to ensure that information security is integrated into the organization's overall business strategy and decision-making processes.
Tasks Data Protection:
- Data Protection Compliance: Ensure that the organization complies with data protection laws and regulations, such as GDPR, CCPA, or other applicable laws.
- Data Privacy Impact Assessments (DPIAs): Conduct or oversee privacy impact assessments to identify and mitigate privacy risks associated with data processing activities.
- Data Subject Rights: Facilitate the exercise of data subject rights, such as the right to access, rectify, erase, or restrict the processing of personal data.
- Data Breach Management: Manage and report data breaches to the appropriate regulatory authorities and affected data subjects, as required by law.
- Privacy Policies and Notices: Develop and maintain privacy policies and notices that inform individuals about how their personal data is processed.
- Vendor and Third-Party Assessment: Assess the data protection practices of third-party vendors and service providers that process personal data on behalf of the organization.
- Employee Training and Awareness: Educate employees about data protection requirements, including their responsibilities and the importance of protecting personal data.
- Data Protection Officer as a Contact Point: Act as a point of contact for individuals (data subjects), supervisory authorities, and internal stakeholders regarding data protection matters.
- Legal and Regulatory Guidance: Provide legal guidance and advice to the organization on data protection and privacy matters.
- Monitoring and Reporting: Continuously monitor compliance with data protection laws, maintain records of data processing activities, and report to regulatory authorities as required.
- At least two years of experience in managing Information Security Management Systems according to ISO/IEC 27001
- Expert Knowledge of Data Protection Laws such as GDPR
- Training as ISO/IEC 27001
- Knowledge of BSI governance and software security standards such as IT-Grundschutz and BSI TR-03161 (parts 1-3)
- Experience in generating and adapting SOPs and Working Instructions together with specialist departments
- Knowledge of threat modeling and penetration testing requirements and methods is a plus
- Ideally experience in conducting internal audits
- Risk assessment skills to assess the privacy risks associated with data processing activities and recommend appropriate mitigation measures
- Independent working and a strong sense of responsibility for your own actions
- Hands-on mentality
- Drive to identify potential for improvement and to find solutions for stakeholders
- High ethical standards and integrity when handling sensitive and personal data
- Excellent English (written and spoken), German is a plus
- We always work with a permanent contract, as we would like to keep you on our team as long as possible.
- A modern and comfortable office, in the heart of Munich.
- A structured onboarding tailored to your needs, as we want each individual to arrive at our company the best possible way, both personally and professionally.
- An international, helpful, highly motivated and agile team.
- Professional and personal development opportunities and the best career prospects, due to our strong expansion.
- Various team events, to constantly improve cohesion.
- The possibility of mobile work, to create the best possible work/life balance for you.
- A flexible working time model.
- Free coffee and tea - to sweeten your working day.
- Lightning talks and regular get-togethers, to keep our team up to date with the latest developments.
- Very good connection to public transportation.
- Variety of lunch options in the area, restaurants, supermarkets, etc.
- Constructive exchange and connection with the sister companies, CONVIEN GmbH (CO2 reduction) and sqanit GmbH (service platform).
Our core values:
Trust technology - We are committed to creating a safe and sound environment for digital health. We're setting standards in data security, because we know that in order for people to trust technology, there need to be reliable solutions by disruptive technology.
Collaborative mindset - We know we can only tackle complexity together. We focus on our strengths and build on synergies. Because we know connected solutions lead to simplified and better healthcare.
Adaptive thinking - We do not believe in one-size-fits-all solutions because we know the reality is different. We easily adapt to changing conditions by providing modular and scalable solutions for a complex and ever-changing ecosystem.
Human innovation - We are transforming healthcare for the sake of the people. By putting patients at the centre of our doing, we ensure a holistic and sustainable view of healthcare.
Contribute to the digitalization of healthcare and take a visionary step into the future with us!
Become part of the ONCARE family and apply today with your complete application documents, stating your earliest possible starting date and your salary expectations.
We are looking forward to hearing from you!
Please note our data protection regulations on our homepage.