We are looking for a Director of Information Security & Internal IT (full-time) to join our team in Berlin. 

As Director of Information Security & Internal IT, you will safeguard Babbel’s digital assets and empower our global workforce with best-in-class IT workplace solutions. You’ll define security strategy, manage risk and compliance, and lead our Internal IT operations — from infrastructure, identitya management and enterprise application portfolio to service desk and vendor partnerships. This role requires a strategic, yet pragmatic thinker with strong lateral leadership capabilities and deep knowledge of information security frameworks and regulations as well as hands-on technical knowledge in implementation details. Partnering closely with Engineering, Data, Product, People & Organization, and Finance, you’ll ensure Babbel scales securely and efficiently.

You will:

• Information Security Strategy & Governance:
• Evolve and execute the enterprise-wide information security initiatives roadmap aligned with Babbel’s business objectives.
• Maintain security policies, standards, and guidelines in compliance with relevant regulation (e.g. PCI-DSS, GDPR, CCPA, …).
• Develop and maintain a minimal and pragmatic Information Security Management System (ISMS).
• Risk Management & Compliance:
• Lead risk assessments, vulnerability management, and third-party security reviews.
• Coordinate internal and external audits; drive remediation of findings.
• Incident Response & Resilience:
• Own the Security Incident Response Plan; chair the Incident Response Team.
• Conduct incident exercises (fire-drills) and post-mortems to strengthen detection, prevention, mitigation and recovery.
• Internal IT Leadership:
• Own Enterprise Application portfolio: Elevate workforce and workplace productivity a collaboration, communication and AI-augmentation strategy.
• Oversee workplace IT service delivery: service desk, endpoint management, unified communications, and collaboration tools.
• Drive AI productivity enhancements: Evaluate, track and drive adoption of AI productivity enhancements in high potential use cases across all teams.
• Secure Identity & Access Management:
• Architect and scale authentication & authorization solutions (i.e. SSO/MFA), role-based access controls, and privileged access management through automation and self-service.
• Infrastructure & Cloud Security:
• Partner with our Platform Engineering teams to enforce secure configurations, network segmentation, and zero-trust principles across Hyperscalers.
• Team Development & Collaboration:
• Lead and develop the Information Security and Internal IT teams, providing direction and resources necessary for the aligned strategy.
• Build and mentor a high-performing team of security engineers, IT specialists, and system engineers.
• Collaborate with cross-functional partners — Legal, People & Organization, Finance — to integrate security and IT into every relevant process.
• Partner & Budget Management:
• Select and manage relationships with 3rd party security and IT vendors; negotiate and manage contracts and Service Level Agreements.
• Own teams’ P&L, forecasting headcount, tools, and training investments.

You have:

• Proven Leadership: 8+ years in Information Security leadership with at least 3 years managing both security and internal IT teams at a scale-up or grown-up.
• Security Credentials: CISSP, CISM, or equivalent beneficial; hands-on familiarity with certifications, regulations and relevant controls such as in ISO 27001, SOC 2, GDPR, CCPA and PenTest/Vulnerability frameworks.
• Workplace IT Service Mastery: Deep, yet pragmatic understanding of IT process best practices, endpoint management (e.g. MDM), and service-desk tooling (e.g., Atlassian suite).
• Identity Lifecycle Automation: Deep understanding of workforce identities’ lifecycle (esp. on- and offboarding, administrative processes, and systems integration and scripting.
• Technical Depth: Experience securing multi-cloud environments, implementing zero-trust architectures, and integrating cloud-native security controls. Strong understanding of technical security measures (e.g. encryption, IAM, OAuth, firewalls, network access control lists, etc.).
• Incident & Risk Acumen: Track record of orchestrating incident response, forensic investigations, and continuous risk reduction.
• Ownership & Prioritization: A co-ownership mindset, taking end-to-end responsibility from idea/start to finish and ability to focus and differentiate between importance and urgency.
• Strategic Communicator: Strong communicator capable of translating technical risks into clear business impacts for leadership.
• People-First Leader: Passion for coaching, building inclusive teams, and fostering a culture of security awareness and IT excellence.

Some perks of becoming a Babbelonian:

• Enjoy 30 vacation days and the chance to take a 3-month Sabbatical. Plus family and life situation counseling
• Decide how, when and from where you want to work with our flexible working hours and remote friendly options as Jobbatical (up to 3 months inside the EU) or work from our fully equipped office with nap, faith and family rooms
• Learn and grow with the internal learning opportunities, and use a yearly learning & development budget for external training. Learn languages with Babbel for free with your full access to Babbel & Babbel Live classes
• Take advantage of your mobility benefits options and a discounted Urban Sports Club membership
• Be part of our employee communities (such as Femgineers, DE&I Ambassadors and LGBTQIA groups), attend cultural and regular social events

Diversity at Babbel

As part of our ongoing journey towards building a diverse, equitable and inclusive company, we welcome everyone to apply, especially those individuals who are underrepresented in tech. We are a learning company, inside and out, and we encourage you to apply even if you do not fit all the technical requirements - all candidates are assessed based on skills, qualifications and on our business needs. Please state your pronouns in your application, and let us know if you’d like to be addressed by a name other than the one appearing on your official documents. If you have a disability or special need, feel welcome to inform us, so that we can provide you with the proper assistance in the application process.