Chief Information Security Officer (CISO) (m/f/d/x)

Bad Wilsnack or Berlin branch

Full-time

As soon as possible

Permanent position

Company Profile

KMG Clinics is a healthcare company with locations in northeastern and central Germany that offers highly qualified medical and nursing care in the family-like atmosphere of its facilities. KMG operates acute care hospitals, rehabilitation clinics, senior care facilities, medical care centers, and outpatient nursing services. The company has over 2,500 beds and places and employs approximately 4,900 staff members.

We are seeking you as soon as possible to serve as Chief Information Security Officer (CISO) (m/f/d/x) to actively manage our information security—particularly in the KRITIS environment—and report directly to the Executive Board at our corporate headquarters in Bad Wilsnack or at our branch office in Berlin.

Responsibilities

Why We Are Your First Choice

• Responsibility: You will take on company-wide management of information security and play a key role in shaping the further development of our security and risk structures.
• Scope for Influence: The position offers you the opportunity to establish and sustainably embed information security throughout the company.
• Relevance: You will work in a KRITIS environment with a direct impact on supply security and patient protection.
• Positioning: Direct reporting line to senior management and close involvement in strategic decision-making processes.

Qualifications

You are our top candidate if

• You currently hold a role such as Deputy CISO, ISB, or Senior Security Manager and are looking to take the next step
• You have experience in information security within regulated environments (e.g., KRITIS, healthcare, public sector)
• You have in-depth knowledge of ISO 27001, BSI IT-Grundschutz, and NIS-2
• You already collaborate with executive management or senior leadership and communicate effectively with your audience
• You can assess and prioritize security and business risks in a structured manner
• You have a clear governance perspective and do not wish to work in an operational-technical capacity

Services & Benefits

This is what your day-to-day work looks like

Strategy & Governance

• Further development and implementation of a company-wide security and risk strategy
• Establishment of clear control, decision-making, and escalation structures
• Implementation of management reporting for information security and business risks

Information Security Management

• Establishment and further development of an ISMS (e.g., ISO 27001, NIS 2-oriented)
• Definition and enforcement of policies and standards
• Integration of security into projects and processes (“Security by Design”)

Risk Management & Compliance

• Assessment and management of enterprise-wide IT risks
• Ensuring compliance with regulatory requirements (GDPR, KRITIS, NIS-2)
• Responsibility for audits and cooperation with regulatory authorities (in particular the BSI)

Incident & Resilience Management

• Responsibility for incident reporting as well as the establishment and optimization of processes for the detection, tracking, and prevention of security incidents
• Analysis and management of risks in the supplier and service provider landscape, including integration of third-party risks into central risk management
• Definition and further development of security and prevention measures for sustainable risk reduction among internal and external partners

Organization & Collaboration

• Close collaboration with all line functions (Medicine, Nursing, Administration, IT, etc.)
• Management of external partners
• Establishment of a sustainable security and awareness culture

Application & Contact

We are looking to connect with a leader who is a good fit for us and look forward to receiving your application and hearing from you.

Michaela HettingerHead of Human Resources

KMG Kliniken SEBadstraße 5-719336 Bad Wilsnack