Information Security Manager (m/f/x)

Corporate Information Technology (CIT) at the Carl Zeiss Group is a central part of the company’s strategy, developing and implementing innovative IT solutions to enhance efficiency and competitiveness. By working closely with various departments, CIT ensures that technological advancements and digital transformations are seamlessly integrated into business processes.

• Defines, develops and reviews information security policies, procedures, guidelines, forms and templates together with the related Subject Matter Experts.

• Recommends and develops measures to ensure compliance with ISO 27001 as well as other applicable in-formation security requirements and frameworks.

• Improves the Information Security Risk Management process and executes Information Security Risk Assessments and Analysis to make sure appropriate measures are taken in order to treat identified Information Security Risks.

• Further develops and implements Information Security Auditing across all ZEISS legal entities and locations together with the responsible Regional and Business Information Security Officers.

• Supports communication of all matters relating to the ZEISS Information Security Program into all Businesses and Regions.

• Drives further development of the ZEISS GRC tool.

The Information Security Manager is a member of the InfoSec Certifications and Governance team (CIT-IC) within Corporate Information Security (CIT-I) at Carl Zeiss AG and reports directly to the Head of Information Security Certifications and Governance. The InfoSec Certifications and Governance team is responsible for developing, implementing, and maintaining the ZEISS Information Security Program within the ZEISS Information Security Organization. The ZEISS Information Security Program is aligned with well-known international frameworks and standards and considers requirements from all business functions across the ZEISS group as well as regulatory requirements. Furthermore, the team’s responsibilities include Governance, Risk and Compliance Management, Information Security Audit Management, and ISMS operation. The Information Security Manager is responsible for further development and operation of the ZEISS Information Security Program in areas such as the ZEISS Information Security Management System Process, the ZEISS Policy Framework and Information Security in Supplier Relationships.

• University degree in Information Security, Cybersecurity, Computer Science, or a related field—or equivalent combination of education and substantial hands-on experience.

• Minimum of 7 years of progressive experience in Information Security or related areas (e.g., ISMS, GRC, ISO 27001, auditing).

• Deep expertise in designing, implementing, operating, and maintaining ISO/IEC 27001-compliant ISMS, including re-certifications in multinational environments.

• Proven track record in delivering strategic security initiatives aligned with global business and regulatory requirements.

• Strong analytical and problem-solving skills with the ability to navigate complex security challenges.

• Experience in managing Information Security KPIs, governance frameworks, and executive-level reporting.

• Solid understanding of compliance across international legal and regulatory landscapes (e.g., GDPR, NIS2, SOX).

• Excellent communication and leadership skills, with the ability to influence stakeholders across technical, business, and executive levels.

Your ZEISS Recruiting Team: