IT Security Specialist
Kennziffer: 2026-0093
- Heidelberg
- Full-time
- German Human Genome-Phenome Archive (GHGA)
Das Deutsche Krebsforschungszentrum (DKFZ) ist eines der größten Krebsforschungszentren Europas. „Forschen für ein Leben ohne Krebs“ ist unsere Mission und hierfür arbeiten unsere Weltklassewissenschaftler:innen gemeinsam mit allen Mitarbeitenden.
Wir erforschen, wie Krebs entsteht, erfassen Krebsrisikofaktoren und suchen nach neuen Strategien, die verhindern, dass Menschen an Krebs erkranken. Wir entwickeln neue Methoden, mit denen Tumore präziser diagnostiziert und Krebspatient:innen erfolgreicher behandelt werden können. Jeder Beitrag zählt – ob in der Forschung, in der Administration oder der Infrastruktur. Das macht unsere tägliche Arbeit so bedeutungsvoll und spannend.
To strengthen our cross-project team, we are seeking with immediate effect an
We are looking for an IT Security Specialist to define security standards for two major data infrastructure projects in the Heidelberg-Mannheim region: (1) The Data Space Project of the Health + Life Science Alliance has recently been launched to develop a trusted research environment (TRE) for seven leading life sciences and biomedical research institutions in the Heidelberg-Mannheim region. (2) The German Human Genome-Phenome Archive (GHGA) is part of the national program for research data infrastructures (NFDI) and has established a secure national omics data infrastructure, enabling the secondary use of human omics data in research. These infrastructures are supporting the bioinformatics community with software tools for secure data/metadata storage, interactive data portals with data visualization, and streamlined data deposition and acquisition solutions. Prof. Oliver Stegle is coordinating GHGA at the DKFZ and representing the Data Space project for the DKFZ in close collaboration with the other Health + Life Science Alliance member institutions Heidelberg University, European Molecular Biology Laboratory (EMBL), Central Institute of Mental Health, Max Planck Institute for Medical Research, Heidelberg University Hospital and University Hospital Mannheim.
In order to develop the Data Space Trusted Research Environment (TRE) and the GHGA platform into a state-of-the-art infrastructure for the secure handling and analysis of genome data, we are looking for an IT Security Specialist.
Job description:
We are looking for a team member with substantial experience in information security and risk governance. Your role will be instrumental in technical and organizational decision-making for the Data Space and GHGA projects and will ensure compliance with modern standards for both infrastructures. You will be part of two tightly connected teams spanning cloud engineers, data stewards and interdisciplinary researchers with the joint mission of enabling the secure sharing of sensitive biomedical data for the scientific research community. You will have a diverse set of tasks, shaping the IT infrastructure of the Data Space TRE from the start, while also managing the IT security for the operation of the established GHGA Portal and upcoming new functionalities. Your expertise will help ensure the safe operation of the Data Space TRE and GHGA while also contributing to the development of standards in Germany and supporting their role in international efforts.
Your responsibilities:
- Analysis and documentation of current operations with respect to IT security, identifying gaps and supporting continuous improvement
- Implementation and maintenance of a framework for risk and asset management, utilizing modern tools and standards
- Creation and maintenance of an Information Security Management System (ISMS)
- Implementation and maintenance of a program for security awareness that works across multiple communication channels
- Regular monitoring of risks through third-party interactors, such as used infrastructures or sub-contractors
- Provision of information security guidance for IT projects, including the evaluation and recommendation of technical controls
- Coordination of interaction with external expertise on legal and technical IT security topics
Your profile:
Essential Expertise:
- Proven experience with core information security frameworks (BSI IT-Grundschutz, ISO 27001) and risk management methodologies
- Hands-on background in developing and implementing risk-mitigation plans, security policies, processes, and technical controls
- Solid understanding of GDPR compliance requirements and IT infrastructure fundamentals (e.g., networking, server roles, system architecture)
- Fluency in German and English to articulate technical requirements clearly and collaborate with cross-functional teams and external partners
- Demonstrated project management skills, with the ability to work independently, solve problems creatively, and drive initiatives to completion
Advantageous Qualifications:
- Knowledge of cloud security guardrails in multi-account environments (e.g., IAM, SCP, centralized logging, encryption, network isolation)
- CISSP certification or equivalent advanced security credential
Unser Angebot:
- Hervorragende Rahmenbedingungen: modernste state-of-the-art Infrastruktur und Möglichkeit zum internationalen Austausch auf Spitzenniveau
- 30 Tage Urlaub
- Flexible Arbeitszeiten
- Vergütung nach TV-L inkl. betrieblicher Altersvorsorge und vermögenswirksamer Leistungen
- Möglichkeit zur mobilen Arbeit und Teilzeitarbeit
- Familienfreundliches Arbeitsumfeld
- Nachhaltig zur Arbeit: Vergünstigtes Deutschland-Jobticket
- Entfalten Sie Ihr volles Potenzial: gezielte Angebote für Ihre persönliche Entwicklung fördern Ihre Talente
- Unser betriebliches Gesundheitsmanagement bietet ein ganzheitliches Angebot für Ihr Wohlbefinden
Sie sind interessiert?
