Manager Information Security

Who we are

The role

The day-to-day

• Take ownership of the day-to-day management and continuous improvement of the ISMS, ensuring frameworks remain audit- ready and aligned with ISO 27001 and BSI IT-Grundschutz requirements across Germany and international entities including the UK, France, and beyond.
  
  
• Act as a trusted security advisor to delivery teams across a portfolio of high-priority defence programs, consulting on the implementation and documentation of security concepts and ensuring compliance with VS-NfD operational requirements.
  
  
• Drive the planning, coordination, and execution of internal and external audits, as well as penetration testing activities, managing findings through to resolution and maintaining a culture of continuous security improvement.
  
  
• Contribute directly to the design and establishment of a foundational NATO Classified Infrastructure, navigating the complex compliance and accreditation requirements this entails alongside existing national commitments.
  
  
• Support the build-out of the Cyber SOC, helping to define processes, tooling, and operational procedures that will form the backbone of the organisation's detection and response capability.
  
  
• Develop, implement, and refine Incident Management procedures, ensuring the organisation is prepared to respond swiftly and effectively to security events across classified and unclassified environments.
  
  
• Participate in on-call rotations with a minimum commitment of one week per month, providing out-of-hours security support and incident response coverage as the organisation scales across multiple international locations.

You should apply if you

• Have 2–4 years of hands-on experience in Information Security or IT Security within NATO, EU, or German national classified environments, and are ready to take that expertise to the next level in a fast-moving, high-stakes setting.
  
  
• Hold expert-level knowledge of ISO 27001 and BSI IT-Grundschutz and have practical experience implementing, managing, or auditing these frameworks — not just understanding them in theory.
  
  
• Are deeply familiar with VS-IT systems, accreditation processes, and the compliance demands of classified networks, and can hit the ground running without extensive onboarding.
  
  
• Thrive in environments where no two days are the same — equally comfortable advising engineers on security concepts in the morning and preparing audit documentation in the afternoon.
  
  
• Have a solid grasp of core security technologies including SIEM, PKI, IDS/IPS, and cryptographic systems, and understand how these operate within classified and defence - grade environments.
  
  
• Are excited by the prospect of building something — whether that is a Cyber SOC, a NATO infrastructure, or an internationally scalable ISMS — and want to leave a tangible mark on an organisation at a defining moment in its growth.
  
  
• Hold an active German security clearance at Ü2/Ü3 level, or are fully eligible and willing to undergo formal vetting in accordance with the SÜG, and understand that operating in this space comes with a responsibility that you take seriously.

Note: We operate in an industry where women, as well as other minority groups, are systematically under-represented. We encourage you to apply even if you don’t meet all the listed qualifications; ability and impact cannot be summarised in a few bullet points.

Nice to Have

• Relevant industry certifications such as ISO 27001 Lead Auditor or Lead Implementer, or BSI-certified IT-Grundschutz Praktiker.
  
  
• Prior experience with NATO Security Policy frameworks and the accreditation requirements associated with NATO Classified Infrastructure, including familiarity with NATO CIS environments.
  
  
• Exposure to EU security regulations and cross-border compliance requirements, particularly in the context of exporting classified security frameworks to international entities.
  
  
• Experience supporting or contributing to the build-out of a Cyber SOC, including familiarity with SOC tooling, process design, and operational workflows.
  
  
• Knowledge of TEMPEST standards and physical security requirements as they relate to classified IT environments.
  
  
• Familiarity with NIS2 requirements and the practical steps involved in aligning an organisation's security posture with the directive's obligations.
• Professional working proficiency in both German and English, enabling effective collaboration across international teams, auditors, and regulatory bodies without reliance on translation support.

Join Helsing and work with world-leading experts in their fields 

• Helsing’s work is important. You’ll be directly contributing to the protection of democratic countries while balancing both ethical and geopolitical concerns

• The work is unique. We operate in a domain that has highly unusual technical requirements and constraints, and where robustness, safety, and ethical considerations are vital. You will face unique Engineering and AI challenges that make a meaningful impact in the world

• Our work frequently takes us right up to the state of the art in technical innovation, be it reinforcement learning, distributed systems, generative AI, or deployment infrastructure. The defence industry is entering the most exciting phase of the technological development curve. Advances in our field of world are not incremental: Helsing is part of, and often leading, historic leaps forward

• In our domain, success is a matter of order-of-magnitude improvements and novel capabilities. This means we take bets, aim high, and focus on big opportunities. Despite being a relatively young company, Helsing has already been selected for multiple significant government contracts

• We actively encourage healthy, proactive, and diverse debate internally about what we do and how we choose to do it. Teams and individual engineers are trusted (and encouraged) to practise responsible autonomy and critical thinking, and to focus on outcomes, not conformity. At Helsing you will have a say in how we (and you!) work, the opportunity to engage on what does and doesn’t work, and to take ownership of aspects of our culture that you care deeply about

What we offer

• Competitive salary and stock options (ESOP)

• Relocation support: up to €2,500 and 4 weeks temporary accommodation

• Learning: €500/£450 yearly allowance

• Health & wellness: gym membership and mental health support (Nilo.health)

• Social: regularly company events and monthly social allowances

• Enhanced parental leave: 22 weeks fully paid for primary caregivers & 6 weeks for secondary caregivers.

• Family support: 5 days of paid family emergency leave, 100% remote work option during pregnancy and phased return to work

These are the core benefits across all locations, there may be additional benefits in certain locations.

Helsing is an equal opportunities employer. We are committed to equal employment opportunity regardless of race, religion, sexual orientation, age, marital status, disability or gender identity. Please do not submit personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, data concerning your health, or data concerning your sexual orientation.