Job
- Level
- Senior
- Job Field
- IT, Security
- Employment Type
- Full Time
- Contract Type
- Permanent employment
- Location
- Berlin
- Working Model
- Hybrid, Onsite
Job Summary
In this role, you will lead information security within Finance, conduct ISO 27001 and SOC 2 audits, manage customer security inquiries, and oversee security policy management.
Your role in the team
- You will act as the senior deputy for InfoSec within our Finance & Operations department, owning the function day-to-day, representing it internally and externally, and making it run with less friction and more intelligence.
- You report directly to the SVP of Business Operations & Transformation and work closely with Legal, Procurement, Engineering, external auditors, and enterprise customers.
- Lead ISO 27001 and SOC 2 audit cycles end-to-end in preparation, evidence collection, auditor management, and findings remediation.
- Own the control framework and ensure it stays current as the business evolves.
- Prepare the InfoSec program for investor and M&A due diligence scrutiny.
- Verantwortlich für die Beantwortung von Sicherheitsfragebögen und RFPs (Request for Proposals) von Unternehmenskunden.
- Represent Staffbase credibly in customer security reviews, calls, and audits.
- Build scalable approaches (automation, templates, knowledge base) to reduce response time without sacrificing quality.
- Maintain the risk register and drive risk treatment decisions with relevant stakeholders.
- Own vendor security assessments for critical and high-risk suppliers.
- Partner with Procurement and Legal on AI-assisted review workflows.
- Own the internal security policy framework, keep it current, understandable, and enforced.
- Design and run security awareness programs that change behaviour, not just tick boxes.
- Own the incident response plan and lead execution when incidents occur.
- Coordinate with Engineering, Legal, and leadership during incidents.
- Führen Sie Nachbesprechungen nach Vorfällen durch und schließen Sie die Ergebnisse mit den Verantwortlichen ab.
This text has been machine translated. Show original
Our expectations of you
Qualifications
- Nachgewiesene Verantwortung für ISO 27001 und/oder SOC 2 Programme.
- Track record of representing InfoSec to enterprise customers, including security reviews and escalations.
- Fluent in German and English.
- Comfortable with AI-driven tooling; actively looks for automation opportunities in compliance and operations.
- Background working alongside Legal, Procurement, and Engineering.
- Practical understanding of cloud security architecture (enough to challenge and validate, not operate).
- Relevant certification: CISM, CISSP, ISO 27001 Lead Auditor/Implementer, or equivalent. Certification matters less than what you have built.
Experience
- 5+ years of hands-on InfoSec experience in a SaaS or B2B tech company.
- Experience supporting or preparing for M&A or investor due diligence processes.
This text has been machine translated. Show original
What we offer
- Competitive Compensation - we offer attractive salary packages including LTIP (unit-based Long Term Incentive Plan).
- Flexibility - we offer flexible working time models and the option of hybrid work, and support this with a yearly flex work allowance of €1560.
- Recharge - with 31 vacation days annually (including one floating holiday), plus pro-rata fully paid Fridays off during August.
- Support - we're offering a company pension scheme.
- Volunteers Day - you'll get one day off per year for supporting a social project.
This text has been machine translated. Show original
Topics that you deal with on the job
Job Locations
This is your employer
Staffbase GmbH
Founded in 2014, Staffbase GmbH is an innovative company that develops internal communication solutions, helping organizations connect their employees.
Description
- Company Type
- Established Company
- Working Model
- Hybrid, Onsite
- Industry
- Internet, IT, Telecommunication
Principal Information Security Manager
- Location
- Berlin
- Working Model
- Hybrid, Onsite
- Diversity
- Open for all genders
