
Senior Information Security Specialist (German-speaking)

Secfix
Seniority: Senior
Model: Remote
Sector: B2B SaaS
Salary: Undisclosed
Contract: Full-Time

About the role

We are looking for a Senior Information Security Specialist to strengthen our compliance function as Secfix scales into more frameworks, mid-market customers, and a growing compliance team. This role sits at the intersection of compliance delivery, content, and team support. You'll own the compliance knowledge that lives inside our platform, mentor our junior compliance specialists, support our customer success team, and act as the senior compliance voice for customers, auditors, and product.

What you'll do

  • Own and drive the compliance roadmap inside the Secfix platform across different compliance frameworks (ISO 27001, TISAX, SOC 2, GDPR, NIS 2, DORA, ISO 27017/27018, ISO 42001, C5, and more as we expand)
  • Implement ISO 27001 and adjacent frameworks end-to-end for customers
  • Mentor and upskill the compliance team: sharing expertise, reviewing work, and helping drive consistency in audits and customer deliverables
  • Conduct internal audits directly for strategic and complex customers, and review the internal audits performed by junior team members to drive quality and consistency
  • Act as a compliance partner to CSMs and sales reps: fast, reliable support for customer questions, and joining customer calls when deep expertise is needed
  • Own the quality of compliance content in the platform (including creating policies, evidence templates, compliance enablement playbooks for our CSMs, security awareness trainings, and more)
  • Partner with product and engineering to translate compliance gaps into structured product work
  • Deepen relationships with our existing certification partners and train auditors on the Secfix platform so they can confidently use it during customer audits

What you'll need

  • German (C1/C2) and English (fluent) are a must for this role
  • 5+ years of hands-on information security and GRC experience in B2B SaaS
  • Led 3+ successful ISO 27001 certification projects as an implementer and/or auditor at a startup or mid-market company
  • Hands-on experience with Secfix or a similar GRC platform
  • Cloud infrastructure readiness across AWS, Azure, and GCP; experience with posture analysis and remediation planning
  • Strong project management skills with the ability to break down ambiguous initiatives into concrete deliverables, prioritize ruthlessly, and ship
  • Excellent written communication, especially in producing clear, precise compliance content for diverse audiences (auditors, founders, engineers)
  • Strong ownership mindset: operates as a senior individual contributor without waiting for direction

Nice to have

  • Experience implementing one or two additional compliance frameworks (e.g. SOC 2, GDPR, NIS 2, etc.)
  • Experience mentoring or coaching colleagues in a compliance, audit, or GRC context
  • Experience in a startup environment

What they offer

  • 100% remote work with a virtual office in Gather
  • Generous equity package
  • €1,000 annual personal development budget
  • 26 days holiday + local public holidays
  • Comprehensive health coverage
  • Latest tech equipment (MacBook, monitors, headphones)