Group Information Security Officer - Automation & Cybersecurity

Who are we?

PWO Group is a global company in the mobility industry, shaping environmentally friendly mobility of the future. We are technology leaders in climate‑friendly lightweight construction and combine innovation, economic efficiency and sustainability. Our corporate strategy is summarized by PEOPLE. PLANET. PROGRESS.

Job title: Group Information Security Officer (m/f/d)

Location: Čačak, Serbia

The Group Information Security Officer (ISO) has end‑to‑end ownership of Information Security and Cyber Security across all PWO Group locations. This is an operational leadership role with accountability for real security outcomes. The focus is on building, operating and continuously improving effective security controls. TISAX and ISO/IEC 27001 are treated as mandatory frameworks — not as the purpose of the role. This position is not a documentation or audit‑only function.

Your responsibilities encompass:

Ownership and accountability for Information Security

• Own and operate the Group Information Security Management System (ISMS) across all subsidiaries and sites.
• Define security priorities and drive improvements based on real risks and business impact.
• Take responsibility for security decisions, risk acceptance and remediation tracking.
• Provide clear, technically grounded guidance to management and IT.
• Reference: zjb80Hk7jRFYa5q_0DwCGWLsa_5XwR2o5bLdDWRC_50T6zh-lV0w_jAN9qNOdarX

Automation, pragmatism and execution

• Actively eliminate manual and repetitive ISMS and audit activities through automation.
• Use technical tools, scripting, Power Automate and AI‑supported workflows as standard working methods.
• Translate TISAX, ISO 27001 and customer requirements into lean, scalable and enforceable processes.
• Ensure that compliance evidence is a by‑product of good security operations — not separate work.

Technical security enablement

• Work closely with IT to design and implement technical and organizational security controls.
• Challenge solutions that are formally compliant but technically ineffective.
• Drive & support incident response process, vulnerability management and continuous hardening activities.
• Maintain a solid understanding of modern IT and security architectures.

Coordination and representation

• Coordinate local Information Security Officers and security contacts at the sites.
• Ensure consistent security standards across the Group without unnecessary bureaucracy.
• Represent the PWO Group confidently towards customers, auditors and authorities.

Security culture and enablement

• Build a security culture focused on responsibility and enablement, not fear or checkbox compliance.
• Deliver targeted, role‑based security awareness and technical trainings.
• Embed security requirements into daily operations, onboarding and supplier management.

Qualifications and requirements

Education and experience

• Technical degree or comparable practical background in IT, Information Security or Cyber Security.
• Several years of hands‑on experience in operational IT-technical or Cyber-/-Information Security roles.
• Proven experience with TISAX and/or ISO 27001 beyond document creation.
• Experience in complex or industrial environments is an advantage.

Profile and mindset

• Strong technical understanding combined with a pragmatic execution mindset.
• Clear sense of ownership and willingness to take responsibility.
• Low tolerance for ineffective controls and unnecessary bureaucracy.
• Ability to simplify complex requirements and drive measurable improvements.
• Very good communication skills in English.