Career Opportunities at Earlybird Portfolio Companies

Make a difference, build a startup, and change the world of tomorrow.

Principal, Cyber Risk & Assurance (m/f/d)

Isar Aerospace

Ottobrunn, Germany
Posted on Oct 29, 2025

Mission Brief

As our founding Principal for Cyber Risk & Assurance, you will take ownership of and professionalize Isar Aerospace's cybersecurity risk function. While we have foundational elements of an ISMS and risk management in place, this is a unique opportunity to architect, formalize, and scale these processes into a world-class program that is not only compliant with regulations like NIS2, but is also prepared for future ISO 27001 certification. You will be the central driver of our compliance programs and the owner of the security risk register, ensuring it seamlessly integrates with our corporate Enterprise Risk Management (ERM) framework.

This role is for a seasoned, hands-on strategist who excels at both building and aligning. You will be the lead individual contributor and subject matter expert, with the executive support to mature our risk posture. The right candidate will be a future thought leader in risk management at Isar Aerospace, with the potential for team leadership as the function matures.

Your Role in Our Space Mission:

  • Architect our ISMS for Certification: Architect and mature our Information Security Management System (ISMS) to not only align with the corporate ERM framework but also to drive the organization towards future ISO 27001 certification. This includes leading readiness assessments and managing the control implementation process.
  • Own Cyber Risk: Take full ownership of the Cybersecurity Risk Register. You will manage the risk lifecycle and serve as the primary liaison to the Enterprise Risk unit, integrating cyber risk scenarios into the overall corporate risk posture.
  • Drive NIS2 Compliance: Serve as the primary driver and project manager for our entire NIS2 Directive compliance program, coordinating with legal, engineering, and operational teams to close gaps and produce evidence for auditors.
  • Lead Security Culture & Awareness: Own and operate the company-wide cybersecurity awareness and training program. You will develop engaging content, run phishing simulations, and measure program effectiveness to cultivate a strong, security-first culture across the entire organization.
  • Mature the Policy Framework: Manage the full lifecycle of all security policies, standards, and procedures—from drafting and stakeholder review to publication and annual updates.
  • Manage Third-Party Risk: Operationalize and manage our new Third-Party Risk Management (TPRM) program, ensuring all suppliers and vendors are vetted, contracted, and monitored according to their risk tier.
  • Coordinate Audits: Act as the primary point of contact for all internal and external security audits, managing evidence collection, coordinating responses, and steering the organization through future certification audits.
  • Report to Leadership: Develop and present regular, clear, and concise risk and compliance reports for cybersecurity leadership and the ERM unit.

Qualification Checklist

  • Experience: 8-10+ years of experience in Information Security, with a specific focus on GRC, IT audit, or security risk management.
  • Framework Expertise: Deep, practical knowledge of key security frameworks, particularly ISO 27001 (including the process for achieving and maintaining certification) and the NIST CSF. Demonstrable experience with the requirements of the EU NIS2 Directive is a significant advantage.
  • Proven Program Builder: You have a proven track record of maturing and scaling security programs, taking foundational elements and building them into auditable, enterprise-grade functions.
  • Core Skills: Expertise in conducting technical risk assessments, writing clear and enforceable policies, managing audit processes, and influencing cross-functional teams without direct authority.
  • Communication: Fluent and professional communication skills in English are mandatory. Proficiency in German is highly desirable due to our regulatory environment.

Bonus Skills

  • Industry Context: Experience in aerospace, high-tech manufacturing, critical infrastructure, or OT/ICS environments.
  • Export Control Expertise: You understand the unique compliance challenges of the aerospace sector. If terms like "Dual-Use," "BAFA," or "ITAR" are part of your daily vocabulary, you are a highly desirable candidate.
  • Certification Leadership: Proven experience leading an organization through a successful ISO 27001 certification audit.
  • Certifications: Professional certifications such as CISA, CRISC, CISM, or CISSP are highly valued.
  • Tooling Experience: Hands-on experience with modern GRC and TPRM platforms.
  • Pragmatism and Drive: You are a highly autonomous professional who excels at building bridges between technical and business units. You are a business enabler, not a blocker.

Benefits

  • Employee Participation Program: Share in our success through our virtual company share program
  • 30 days of vacation: Enjoy the days off to relax and recharge
  • Company pension plan: Secure your future with our company pension plan, featuring a 20% employer contribution after the probation period
  • Subsidised lunch: Stay energised with delicious, subsidised lunches every day
  • Public transport ticket: Commute with ease using a fully financed Deutschlandticket
  • Sports club membership: Stay fit with our sponsored sports club memberships (EGYM Wellpass)
  • Individual learning allowance: Grow your skills with an individual learning budget granted after the probation period
  • Childcare allowance: Receive a childcare allowance for your non-school-age children
  • And Much More! Discover additional perks and benefits when you join our team

Who we are

We are Isar Aerospace, and we are at the forefront of New Space, building a modern space business to enable faster, better and cheaper access to space.

Our mission is to help democratise space and use it for good in order to improve life on Earth now and for the future generations.

We are a fast-growing company aiming to provide sustainable and environmentally friendly launch solutions for small and medium-sized satellites and constellations into Low Earth Orbit. The company is privately funded by world-leading technology investors with strong commitment and support, and our team is made up of driven and talented people with a real passion for space innovation.

We're making rockets in a way that hasn't been done before, disrupting a traditional industry. If you are up for the challenge, want to work on cutting-edge projects and be part of a team changing the world for the better, come join us and launch your career!

Want to find out more about us?

Visit www.isaraerospace.com