Information Security Officer (m/w/d)

Celsion is hiring an experienced Information Security Officer (ISO) to strengthen our growing Risk team. Reporting to the Head of Risk Control, you will guide our security, technology-risk, and operational-resilience programme so that our cloud-native, digital-asset platform consistently satisfies EU-DORA, MiCAR, ISO 27001, GDPR, and other leading standards. This senior individual-contributor role offers the opportunity to shape strategy, evaluate new architectures, oversee third-party and continuity controls, and brief senior management—directly influencing the security posture of a fintech that is transitioning into a fully licensed digital-asset bank.

• Keep the DORA and ISO-27001-aligned ISMS and enterprise risk register current; record new risks and update mitigation actions.
• Run the Business Impact Analysis and keep the BCM & Disaster Recovery Plan (DRP) current; organise tabletop and fail-over tests and report RTO/RPO gaps.
• Coordinate the managed SIEM/SOC service: validate detection rules, response playbooks and SLAs; arrange purple-team drills.
• Review cloud architectures, CI/CD pipelines before deployment to ensure controls are embedded and tested.
• Develop and track concise KRIs/KPIs for identity, data protection, infrastructure resilience and incident response; present dashboards to management and the board.
• Drive the full third-party & outsourcing-risk lifecycle (due diligence, contract clauses, ongoing monitoring) for cloud providers and other critical vendors.
• Monitor regulatory updates (EBA ICT/Security Guidelines, DORA, MiCAR, GDPR); translate them into control requirements and prepare evidence packs for supervisors and auditors.
• Lead security-awareness activities (Lunch-&-Learn sessions, phishing simulations) to foster a risk-aware culture across business and engineering teams.

Required qualifications, Capabilities And Skills

• Proven experience: 7+ years in information security, technology-risk or IT audit within a regulated FinTech, bank or SaaS; ≥ 3 years performing formal risk oversight or control testing.
• Regulatory fluency: You have hands-on experience with one or more supervisory framework (EBA ICT/Security Guidelines, DORA, BaFin, FINMA, CSSF) plus ISO 27001, DORA, GDPR
• Security-domain breadth: You can move confidently across the whole security landscape, from policy writing and risk/control assessments to access management, incident governance, vulnerability oversight, third-party risk and data-protection matters.
• Analytical & soft skills: You can turn complex technical findings into business-impact language and back your arguments with clear data.
• Crypto-key management: You are comfortable in handling certificates, keys and hardware security modules without needing to be a cryptography researcher.
• Communication skills: You know to explain risk clearly to both developers and executives; fluent in English and capable in German.
• Certification: Holding at least one major credential (CISSP, CISM, CISA, CRISC, CCSP or ISO 27001 Lead Implementer/Auditor).

Preferred qualifications, Capabilities And Skills

• Hands-on exposure to BCM / DRP activities such as BIA facilitation, tabletop-exercise design or ISO 22301 training.  
• Digital-asset custody or blockchain-analytics know-how (Fireblocks, MPC/HSM, Elliptic).
• Cloud-native security insights — container hardening, IAM (SAML / OIDC), CI/CD security checks.
• Experience with managed SIEM/SOAR, threat-hunting or red/purple-team engagements.
• Advanced certifications such as GIAC, OSCP, CCSK, or experience running red/purple-team or bug-bounty programmes.

• A high-impact role shaping Celsion’s security posture at licence-go-live and beyond
• Short decision paths and the freedom to implement modern, automated security solutions
• Collaborative, growth-oriented culture with significant professional-development opportunities
• Competitive compensation package, including training budget and the chance to work at the forefront of digital-asset finance