IT Compliance & Information Security Manager (m/f/d)

Onventis
Stuttgart

Let’s Start with our Story

Every great career begins somewhere, and this one starts here. We are a team that believes in big ideas, bold moves and the people behind them. This is where you could be part of something exciting!

Onventis is the European Source-to-Pay Intelligence. For more than 25 years, Onventis has supported mid-sized enterprises at six locations in making their procurement and finance processes more sovereign. Through its modular SaaS product portfolio, Onventis connects an end-to-end source-to-pay process with a European operating model in a protected data environment. Today, around 1.2 million users from over 1,000 companies with 4.5 million suppliers process an annual transaction volume of 40 billion euros via the Onventis Network.

Why This Role Matters

As IT Compliance & Information Security Manager, you play a key role in ensuring trust, compliance, and operational resilience across our organization.

You will ensure that the company systematically meets its internal and external requirements for information security, IT compliance, and regulatory resilience. In doing so, you will further develop the ISMS, coordinate documentation and audits, and translate requirements from ISO 27001, NIS2, DORA, SOC/audit requirements such as ISAE 3402, and relevant AI governance guidelines into practical processes for a modern SaaS business model.

Your Role at a Glance

As our IT Compliance & Information Security Manager (m/f/d), you will be responsible for managing and continuously developing our Information Security Management System (ISMS) and extending it into an integrated management framework that meets regulatory, legal, and customer requirements.

You will:
  • Operate and further develop the Information Security Management System (ISMS) based on ISO/IEC 27001 and ensure robust policies, standards, controls, and evidence.
  • Analyze new regulatory requirements and translate them into concrete measures, roadmaps, and internal control mechanisms, particularly in the context of NIS2, DORA, data protection, IT governance, and AI-related requirements.
  • Coordinate internal and external audits, certifications, and customer reviews, prepare supporting documentation, and serve as the primary point of contact for auditors, customers, business units, and management.
  • Conduct risk analyses, assess control gaps, and track measures through to sustainable implementation in collaboration with Engineering, Cloud Operations, Legal, Data Protection, and Product teams.
  • Maintain and improve the IT-related internal control system, including documentation, effectiveness checks, exception handling, and management reporting.
  • Evaluate service providers, cloud providers, and security-related solutions with regard to compliance, risk, and security requirements throughout their entire lifecycle.
  • Plan and coordinate awareness, training, and communication initiatives to ensure that regulatory and security-related requirements are effectively embedded within the company.
  • Support the structured classification of AI use cases and AI systems within the company and ensure that usage, documentation, control, and monitoring obligations under the EU AI Act are appropriately addressed.

Your Experience and Skills

We are looking for someone who brings:

  • Several years of professional experience in information security, IT compliance, IT risk management, IT audit, or GRC in a technology-driven environment.
  • Practical experience with ISMS according to ISO/IEC 27001, as well as a good understanding of regulatory requirements such as DORA, NIS2, GDPR, and comparable frameworks.
  • Experience in preparing for and supporting internal and external audits and reviews.
  • Ability to translate regulatory requirements into pragmatic processes, controls, and product/operational measures for a SaaS model.
  • Strong communication skills in German and English to collaborate effectively with Engineering, IT, Legal, Data Protection, Customer Success, Sales, and Management.
  • A structured, well-documented, and implementation-oriented approach to work with a high degree of personal responsibility.
  • Certifications such as ISO 27001 Lead Implementer or Lead Auditor, CISM, CISSP, or comparable qualifications are desirable.

Our Commitment to You

Our CORE values bring our varied cultural backgrounds and products together and, more importantly, shape how we invest in our people. At Onventis, you can expect a performance-focused culture where your achievements are recognized, your goals are prioritized and your career accelerates.

We offer more than just a job and we show it with real benefits:

Flexibility: Hybrid work model with modern tools and equipment
Mobility: Free parking, Job Ticket, JobRad leasing
Health & Wellbeing: Urban Sports membership, fresh fruit, drinks, and meal subsidies
Career Growth: Structured onboarding, training programs, language courses
Culture: Friendly team spirit, clear structures, regular team events & gatherings

About us

Onventis is the European Source-to-Pay Intelligence. For more than 25 years, Onventis has supported mid-sized enterprises at six locations in making their procurement and finance processes more sovereign. Through its modular SaaS product portfolio, Onventis connects an end-to-end source-to-pay process with a European operating model in a protected data environment. This allows procurement and finance departments to maintain full control over data, costs, and processes in compliance with policies and legal requirements. The agent-based AI platform Onventis Onix supports the efficient and transparent use of AI throughout the entire procurement process. Today, around 1.2 million users from over 1,000 companies with 4.5 million suppliers process an annual transaction volume of 40 billion euros via the Onventis Network.

Published on 2026-05-21
