Process Owner for Information Security Incident Management (m/f/x)

Corporate Information Technology (CIT) is the central part of the company’s strategy, developing and implementing innovative security solutions to enhance efficiency and competitiveness in the Carl Zeiss Group. By working closely with various business units, CIT ensures that technological advancements and digital transformations are seamlessly integrated into business processes.

• Own and continuously enhance the Information Security Incident Response and Management process, ensuring alignment with regulatory and business requirements.

• Define, document, and improve incident response policies, workflows, and playbooks to standardize and strengthen response activities.

• Provide strategic guidance and operational support to the Cybersecurity Incident Response Team, ensuring adherence to best practices.

• Govern and optimize the use of the ServiceNow Security Incident Response (SIR) module, including the definition of process standards and tool customization.

• Collaborate with internal stakeholders (e.g. data privacy, business units, technical teams) and external partners to ensure seamless process integration and operational efficiency.

• Enhance automation and reporting capabilities within ServiceNow SIR to drive faster response times and streamlined workflows.

• Design and lead tabletop exercises to test and refine incident response strategies and readiness across the organization.

• Develop training programs and awareness initiatives to elevate the organization’s incident response maturity and preparedness.

As the Process Owner for Information Security Incident Management (ISIM) at ZEISS, you will be responsible for the governance, coordination, and continuous improvement of ZEISS’ security incident response and management process. Your role is to ensure that the process framework aligns with industry best practices, regulatory requirements, and organizational objectives. You will work closely with the Cybersecurity Incident Response Team, Corporate IT colleagues, and senior management to maintain an efficient, well-documented, and effective incident response strategy.

• Degree in Computer Science, IT Security, Business Process Management, or a related work experience.

• At least 5 years of experience in cybersecurity, IT service management, or security operations, with a focus on process ownership and governance.

• In-depth knowledge of incident response frameworks, security operations, and process management and also experience in designing, implementing, and optimizing security incident management processes.

• Strong understanding of risk management, industry security standards, and compliance requirements (e.g., NIS2).

• Ability to analyze complex security incidents and drive strategic process improvements

• Excellent communication and stakeholder management skills, with the ability to work across technical and business teams.

• Structured and analytical mindset with a strong focus on continuous improvement

• Fluent in both German and English Preferred Industry.

Your ZEISS Recruiting Team: