Security Specialist

What you'll do

Information Security & Compliance

• Develop, implement, and maintain our Information Security Management System (ISMS) in alignment with ISO 27001, GDPR, BCM, BSI IT-Grundschutz and other relevant frameworks.
• Ensure documentation and compliance with information security policies and procedures including test runs.
• Conduct risk assessments, audits, and evaluations to identify security gaps and recommend improvements. Cybersecurity Monitoring & Management
• Monitor security logs from cloud services, including Google Workspace and other SaaS tools, to detect and respond to potential threats.
• Evaluate and address vulnerabilities based on the OWASP Top 10 and other cybersecurity standards.
• Work with development teams to integrate secure practices into the software development lifecycle (Secure SDLC).
• Train and advise teams on implementing security controls and adhering to compliance requirements. Team Management
• Lead and mentor a team of information security professionals, providing guidance, support, and performance feedback.
• Delegate tasks effectively and ensure team members have the necessary resources and training to succeed.
• Foster a collaborative and positive team environment, encouraging knowledge sharing and professional development.
• Set team goals and objectives, monitor progress, and provide regular updates to management.

What Everphone offers you

• a premium smartphone of your choice for personal use,
• 30 vacation days per year,
• a monthly budget of 30 € in Circula vouchers to spend however you like,
• a 300 € subsidy for public transport,
• two bright, modern offices in the heart of Berlin (Mitte and Kreuzberg),
• a dog-friendly office (Kreuzberg), where your four-legged friend is welcome to join you
• a mental health program with Voiio access for personal and professional solutions, also open to family members
• a dynamic work environment where you can actively help shape your own growth,
• a hybrid work model for more flexibility,
• access to the Everphone Learning Academy to promote professional development,
• a referral program with an up to 2000 € bonus,
• a company pension plan,
• social drinks- and karaoke night to get to know your colleagues better,
• a large open kitchen area with free drinks, snacks and fruit,
• a relaxation area with sofas and a quiet room to simply unwind.

What you’ll need

Compliance Knowledge

• You have a deep understanding of ISO 27001, GDPR, BCM and other relevant information security frameworks.
• You have acquired experience in managing and executing test runs and contributing to ISMS processes and documentation.
• Experience with BSI IT-Grundschutz is a plus. Technical Expertise
• Strong technical background with hands-on experience in security monitoring tools and cloud service security (GCP/AWS, Google Workspace, SaaS environments).
• Familiarity with secure software development practices, vulnerability scanning, and threat modeling. Analytical Skills
• Ability to assess risks, prioritize security improvements, and document findings clearly and concisely.
• Proficiency in analyzing logs and monitoring tools to identify security incidents. Communication & Collaboration
• Excellent communication and project management skills to work with cross-functional teams, including developers, legal/compliance, and operations.
• Capability to provide security training and awareness across the organization.
• Fluency in German and English (both C1). Leadership & Management
• Proven experience in leading and managing a team of information security professionals.
• Strong leadership skills with the ability to motivate, inspire, and guide team members.
• Excellent interpersonal and communication skills to build strong relationships within the team and across the organization.
• Experience in performance management, including setting goals, providing feedback, and conducting performance reviews.
• Ability to foster a collaborative and inclusive team environment.