
Senior Information Security Specialist, German-speaking
Posted 10 hours ago

This is a fully remote position, open to applicants in Germany.
• Take ownership of and lead the compliance roadmap within the Secfix platform across various compliance frameworks (ISO 27001, TISAX, SOC 2, GDPR, NIS 2, DORA, ISO 27017/27018, ISO 42001, C5, and additional frameworks as we grow).
• Execute ISO 27001 and related frameworks from start to finish for our clients.
• Guide and enhance the skills of the compliance team: sharing knowledge, reviewing outputs, and fostering consistency in audits and client deliverables.
• Perform internal audits for strategic and complex clients, and assess the internal audits conducted by junior team members to ensure quality and uniformity.
• Serve as a compliance partner to Customer Success Managers (CSMs) and sales representatives: providing swift, dependable support for client inquiries, and participating in client calls when in-depth expertise is required.
• Oversee the quality of compliance materials in the platform (including the creation of policies, evidence templates, compliance enablement playbooks for our CSMs, security awareness training, and more).
• Address framework deficiencies and integrate auditor feedback into both team practices and platform enhancements.
• Collaborate with product and engineering teams to convert compliance gaps into structured product tasks.
• Work closely with Customer Success, Product, and Founders to synchronize compliance, customer, and roadmap priorities.
• Strengthen relationships with our current certification partners and train auditors on the Secfix platform to ensure their confident usage during client audits.
• Proficiency in German (C1/C2) and fluent English is essential for this position.
• Over 5 years of practical experience in information security and Governance, Risk, and Compliance (GRC) within B2B SaaS.
• Successfully led 3 or more ISO 27001 certification projects as an implementer and/or auditor at a startup or mid-sized company.
• Practical experience with a GRC platform such as Secfix, or other comparable GRC platforms.
• Familiarity with cloud infrastructure across AWS, Azure, and GCP; experience in posture analysis and remediation planning.
• Strong project management abilities, capable of transforming vague initiatives into clear deliverables, prioritizing effectively, and executing.
• Exceptional written communication skills, particularly in crafting clear and precise compliance content for varied audiences (auditors, founders, engineers).
• A strong sense of ownership: functions as a senior individual contributor without waiting for guidance.
• Remote Work: Enjoy the flexibility of 100% remote work with a virtual office in Gather.
• Competitive Salary: We offer industry-competitive local salaries, matching or exceeding market rates, in line with our philosophy shared with GitLab.
• Equity: A generous equity package – we are all stakeholders in Secfix and share in our collective success.
• Mentorship: Access to top VCs and accelerators, along with direct connections to world-class mentors.
• Development Budget: An annual personal development budget of €1,000.
• Home Office Budget: Financial support for home office setup and access to co-working spaces.
• Holidays: 26 days of vacation plus local public holidays.
• Health Insurance: Comprehensive health coverage.
• Annual Retreat: An annual retreat designed to foster connections and inspire ideas (this year, we’re headed to Milan!).
• Company Events: Company-wide events aimed at building relationships and enjoying some fun!
• Tech Equipment: The latest technology equipment (MacBook, monitors, headphones).