Job Vacancies for Jobs in Information Security & IT Security



How to achieve qualified applications with adequate job vacancies

Make sure you attract the right candidates with a well-fitting and eye-catching job ad. In this article, we will not only show you how to create an ideal job offer, but also provide free templates for job advertisements in information security, e.g. for an Information Security Officer (ISO) or a Data Protection Officer (DPO).

A job ad is the first contact point with potential applicants. It is one of the most important tools for recruiters or HR. With so many job postings out there, yours should stand out and grab the reader’s attention. Of course, you want only certain candidates to be targeted – those who are eligible for the position and meet your requirements. The difficulty lies in getting all the relevant information into a short text and still making it look attractive. If, for example, the job ad is far too long, unclear, incomprehensible or possibly even describes the wrong content, you may either miss out on suitable applicants or the wrong people will apply.

Especially when formulating job vacancies in specialized fields, such as information security or IT security, problems arise quickly. Different job profiles are mixed up, so that the competencies and areas of responsibility described become blurry. They no longer reflect what the company – or, in turn, the applicant – is looking for. The fact that you actually described a completely different position may only become apparent in the personal interview. When this happens, the application process to date has been of no use to either the applicant or the company.

Structure and content of a job advertisement

When creating the job advertisement, you introduce both your company and the job to be filled. In addition, you can state the advantages that your company offers its employees. At the end, you should provide information on contact options, application deadlines or other conditions of the application process so that no questions remain unanswered.

While candidates are reading the ad, they should be guided according to the AIDA concept (a concept from marketing).

Once you have the reader’s attention, they should read the vacancy with their interest held high. While reading, the desire to apply should arise. Ultimately, the process should end with a successful application.

Do you have difficulties when formulating job advertisements?

Are you looking for an information security officer (ISO)? We’ll help you create the ideal job description to target qualified candidates.

Due to the shortage of skilled workers, it can take several months to find a suitable candidate. However, we have a suitable offer for you: our ISO-as-a-service solution provides you with an external ISO to bridge the time until you have found a new candidate. Stay flexible with a monthly cancellation period!

We would be happy to present our concept to you in detail in a non-binding discussion.

Elements of a job advertisement

The following structure is recommended:

The job advertisement should start with a strong title. It should, of course, describe the announced position in the best possible way. You shouldn’t have to read the tasks first to know what the job is actually about.

Here are some inappropriate examples for titles of job ads (for information security jobs):

  • Regional Information Security Officer 
  • Referent Information Security / Information Security Officer 
  • Senior IT Security Specialist
  • IT Security & Compliance Specialist 
  • Expert for Information Security – Audits and Certifications
  • CISO Chief Information Security Officer
  • Information Security Officer
  • IT-Governance Expert – Focus on IT-Security
  • Coordinator for Information Security ISMS/ISO 27001

The problem: There are many different job titles or job descriptions, but they actually mean the same thing and have identical requirements. You should make sure to use the best-known and, if possible, “standardized” terms that can be objectively assigned to a job description including tasks.

The terms Information Security Officer (ISO), Chief Information Security Manager (CISO), Data Protection Officer (DPO), Chief Security Officer (CSO) or Chief Information Officer (CIO) are common designations. We will present the exact job descriptions later in this article.

In this part, you should answer the following questions in a short text:

  • In which industry does your company operate?
  • Which product or service do you offer?
  • How many employees are employed at how many locations?
  • Have you been able to achieve any particular successes as a company?
  • What characterizes the work in your company?
  • What is your vision and what are your values?

While formulating, be specific and avoid phrases that no one can relate to. First, name the area of responsibility and list the work tasks in bullet points. Then add key points on the requirements for the applicant that are necessary in order to be able to handle the previously described tasks.

Examples of formulated job descriptions can be found below.

What skills and qualities must the applicant have? Specify what your ideal candidate must be capable of. Remember: clear and precise wording, no empty phrases. In addition, you can divide the key points into “must-haves”, i.e. what the applicants should definitely bring with them, and “nice to have”, i.e. what they should optionally already be able to do or are willing to learn.

The requirements and tasks should match. If the requirements call for knowledge of specific standards, guidelines, and auditing, the tasks should also indicate why the applicant should have these skills.

The option to work from home has been a necessity for many applicants since the Corona pandemic. If your company offers this option, it should definitely be mentioned in the job vacancy. Other benefits such as free lunches, special team events or sports activities also belong here and should once again strengthen the desire to apply. Feel free to be creative and show the truly unique sides of your company.

  • How can applicants get in touch with you (by mail, application portal, etc.)?
  • What documents are required (cover letter, resume, certifications, etc.)?
  • What can they expect after submitting an application? Briefly describe the remaining steps of the application process.
  • Who can you talk to if you have any unanswered questions? Here you should name a contact person for questions about the application process and a person for professional questions about the position.
  • Comply with the AGG (German General Equal Treatment Act) and formulate job advertisements accordingly (gender, age, ethnic origin, religion/belief, physical/mental disability, sexual identity).
  • Select the appropriate form of addressing (formal or informal): Consider who you want to address and which form of addressing is more in line with the company’s overall image.
  • To name the salary or not? There is still no legal obligation to state the salary, but candidates may not apply if they do not find any information about it. Especially for higher or executive positions, like an IT manager or an information security officer, this can be crucial.
  • Use images and graphics to visually highlight important content. Whether you can use images, however, depends on the platform where you place the job ad. But be careful: you should also not use too many images, because this may be too distracting and take up a lot of space. One to two meaningful images should perfectly support your ad.
  • A two-page layout for the job description and the requirements supports the typical reading flow and makes reading easier. If you use bullet points instead of continuous text in between, this can have an additional beneficial effect.
  • Use keywords that are relevant for finding the ad in the search engines and attract attention in the second step. Mention the industry, type of employment, location and other aspects that may be decisive for an application.

Research the right content for your information security job ad

Professions such as the ISO do not always have legal requirements that describe their scope of duties and responsibilities. However, certain government regulations provide detailed descriptions and bulleted lists that you can use as a guide. The German BSI (Bundesamt für Sicherheit in der Informationstechnik, the Federal Office for Information Security), for example, offers freely accessible descriptions of such requirements. The most common standards (such as ISO 27001 for ISMS) are also excellent for deriving job description requirements. Most importantly, obtain the information for your job posting from trustworthy and reliable sources.

TIP: Involving a person from the specialized department can also be helpful. If possible, such a responsible person should prepare bullet points for the tasks and competencies that should appear in the job posting.

Information security job profiles

Management positions in information security hold great responsibility for companies. It should therefore be in your interest to staff the positions in accordance with the requirements. For this purpose, the job vacancy should be as professional as possible and as detailed as necessary.

We will be pleased to introduce you to various job descriptions and offer you free templates that you can use for your job advertisements. The shortage of skilled workers is a problem for many companies, especially in the field of information security. One more reason to put a lot of effort into your job advertisement!

(Chief) Information Security Officer - (C)ISO

The only difference is that if there are several ISOs in a company, there is usually one CISO who guides them all.

However, the duties and requirements are theoretically identical. The responsibilities of an ISO are defined as follows:

These requirements are independent of whether an internal or an external ISO is contracted.

Depending on the size of the company or the authority, there may be several ISOs, for example for different areas, locations or even large project plans of the company. If this is the case for you, you can state this as additional information in the job vacancy and announce the position as either (senior) ISO or CISO.

Problems with related departments

Integrating the ISO into the IT department can lead to role conflicts, since the ISO cannot fulfill its obligation to monitor security measures without being influenced by the IT security manager, for example. Having the same person also act as data protection officer is not unproblematic either. If this is the case, the boundaries between these two tasks must be clearly defined in order to avoid role conflicts from the very beginning.

Are you looking for an ISO or CISO?

At the moment, 370 companies are looking for an information security officer (ISO) on StepStone – 180 on Indeed and 600 companies across Europe are looking on

Are you also having difficulties finding an information security officer or are existing external consultants too cost-intensive?

ISEGRIM X offers a cost-effective ISO-as-a-service solution from which small and medium-sized enterprises can benefit. We provide you with a certified ISEGRIM X Information Security Officer from our company. Our service can be cancelled on a monthly basis and gives you maximum flexibility.

We define the scope of services together with you in advance in a non-binding introductory meeting. You can easily book this according to your preferences via our calendar tool:

Chief Security Officer (CSO)

The range of tasks of the CSO has a different focus than that of the ISO. The CSO is responsible for corporate security. His or her main task is to ensure physical and technological stability. This includes the security of data, intellectual property, physical assets, and the protection of employees.

These requirements are independent of whether an internal or external CSO is contracted.

IT Security Officer or Chief Information Officer - CIO

A CIO or IT security officer develops the company’s global IT strategy. He or she ensures that all systems are working and daily business is proceeding. The aim is to achieve the company’s goals and add the most value to the business.

These requirements are independent of whether an internal or external CIO is contracted.

Data Protection Officer - DPO

The data protection officer is responsible for reviewing and advising the company on data protection issues. He or she pursues the goal of ensuring that the requirements of the GDPR (General Data Protection Regulation) are met in the context of the collection, processing and use of personal data.

These requirements are independent of whether an internal or external DPO is contracted.

Free Download: Templates for Job Descriptions

Corporate information security

Are you not yet sure exactly which certifications you need, or would you like to learn more about one of our solutions? We will be pleased to advise you.

Clear, competent & reliable. And of course without obligation: