About The Position

Secfix is seeking a Senior Information Security Specialist to join their growing compliance function. This role is crucial for scaling Secfix's compliance offerings across various frameworks and customer segments. The specialist will be responsible for the compliance knowledge within the platform, mentoring junior team members, supporting the customer success team, and acting as a senior compliance advisor to customers, auditors, and the product team. This is a high-impact position with significant influence on how Secfix delivers compliance services and content. The role involves owning and driving the compliance roadmap within the Secfix platform, implementing frameworks like ISO 27001 end-to-end for customers, and mentoring the compliance team. Responsibilities include conducting internal audits, acting as a compliance partner to CSMs and sales, owning the quality of compliance content (policies, templates, playbooks, training), closing framework gaps, and collaborating with product and engineering teams to translate compliance needs into product development. The specialist will also deepen relationships with certification partners and train auditors on the Secfix platform.

Requirements

  • German (C1/C2) and English (fluent) are a must for this role
  • 5+ years of hands‑on information security and GRC experience in B2B SaaS
  • Led 3+ successful ISO 27001 certification projects as an implementer and/or auditor at a startup or mid-market company
  • Hands-on experience with a GRC platform like Secfix, or similar GRC platforms
  • Cloud infrastructure readiness across AWS, Azure, and GCP; experience with posture analysis and remediation planning
  • Strong project management skills with the ability to break down ambiguous initiatives into concrete deliverables, prioritize ruthlessly, and ship
  • Excellent written communication, especially in producing clear, precise compliance content for diverse audiences (auditors, founders, engineers)
  • Strong ownership mindset: operates as a senior individual contributor without waiting for direction

Nice To Haves

  • Experience implementing one or two additional compliance frameworks (e.g. SOC 2, GDPR, NIS 2, etc.)
  • Experience mentoring or coaching colleagues in a compliance, audit, or GRC context
  • Experience in a startup environment is a plus

Responsibilities

  • Own and drive the compliance roadmap inside the Secfix platform across different compliance frameworks (ISO 27001, TISAX, SOC 2, GDPR, NIS 2, DORA, ISO 27017/27018, ISO 42001, C5, and more as we expand)
  • Implement ISO 27001 and adjacent frameworks end-to-end for customers
  • Mentor and upskill the compliance team: sharing expertise, reviewing work, and helping drive consistency in audits and customer deliverables
  • Conduct internal audits directly for strategic and complex customers, and review the internal audits performed by junior team members to drive quality and consistency
  • Act as a compliance partner to CSMs and sales reps: fast, reliable support for customer questions, and joining customer calls when deep expertise is needed
  • Own the quality of compliance content in the platform (including creating policies, evidence templates, Compliance enable playbooks for our CSMs, security awareness trainings and more)
  • Close framework gaps and incorporate auditor feedback into both team practice and platform improvements
  • Partner with product and engineering to translate compliance gaps into structured product work
  • Collaborate closely with CS, Product, and Founders to align compliance, customer, and roadmap priorities
  • Deepen relationships with our existing certification partners and train auditors on the Secfix platform so they can confidently use it during customer audits

Benefits

  • 100% remote work with a virtual office in Gather
  • Competitive Salary: Industry-competitive local salaries. We pay local rates that are at or above the market.
  • Equity: Generous equity package
  • Mentorship: Backed by top VCs and accelerators, with direct access to world-class mentors.
  • Development Budget: €1,000 annual personal development budget.
  • Home office budget and access to co-working spaces.
  • 26 days holiday + local public holidays.
  • Comprehensive health coverage.
  • Annual retreat to build connections and inspire ideas
  • Company-wide events to build relationships and have some fun!
  • Latest tech equipment (MacBook, monitors, headphones).