Senior Information Security Specialist

  • Level
    Senior
  • Job Field
    IT, Security
  • Employment Type
    Full Time
  • Contract Type
    Permanent employment
  • Location
    Berlin
  • Working Model
    Full Remote
  • Job Summary

    In this role, you will be responsible for implementing and maintaining compliance standards across various frameworks, creating quality content, and supporting the team during customer projects and audits.

    Your role in the team

    • At Secfix, we're at the forefront of automating security compliance in Europe. We help companies become and stay ISO 27001, GDPR, TISAX, and SOC 2 compliant quickly and easily, and reduce hundreds of hours of manual work.
    • We're hiring a Senior Information Security Specialist to strengthen our compliance function as Secfix scales into more frameworks, mid-market customers, and a growing compliance team.
    • This role sits at the intersection of compliance delivery, content, and team support.
    • You will own the compliance knowledge embedded within our platform, mentor our junior compliance specialists, support our customer success team, and serve as the senior compliance voice for customers, auditors, and product.
    • You will work closely with our co-founder & CISO and our CS Lead.
    • You will own one of the most important pillars of Secfix: the quality and breadth of our compliance offering.
    • You can test new approaches, but at the end of the day, you have full ownership of how you deliver results (with a strong support network from within and outside the company).
    • You will own and drive the compliance roadmap inside the Secfix platform across different compliance frameworks (ISO 27001, TISAX, SOC 2, GDPR, NIS 2, DORA, ISO 27017/27018, ISO 42001, C5, and more as we expand).
    • Implement ISO 27001 and adjacent frameworks end-to-end for customers.
    • Mentor and upskill the compliance team: sharing expertise, reviewing work, and helping drive consistency in audits and customer deliverables.
    • Conduct internal audits directly for strategic and complex customers, and review the internal audits performed by junior team members to drive quality and consistency.
    • Act as a compliance partner to CSMs and sales reps: fast, reliable support for customer questions, and joining customer calls when deep expertise is needed.
    • Own the quality of compliance content in the platform (including creating policies, evidence templates, compliance enablement playbooks for our CSMs, security awareness trainings and more).
    • Close framework gaps and integrate auditor feedback into both team practices and platform improvements.
    • Partner with product and engineering to translate compliance gaps into structured product work.
    • Collaborate closely with CS, Product, and Founders to align compliance, customer, and roadmap priorities.
    • Deepen relationships with our existing certification partners and train auditors on the Secfix platform so they can confidently use it during customer audits.

    Our expectations of you

    Qualifications

    • German (C1/C2) and English (fluent) are a must for this role.
    • Led 3+ successful ISO 27001 certification projects as an implementer and/or auditor at a startup or mid-market company.
    • Strong project management skills with the ability to break down ambiguous initiatives into concrete deliverables, prioritize ruthlessly, and ship.
    • Excellent written communication, especially in producing clear, precise compliance content for diverse audiences (auditors, founders, engineers).
    • Strong ownership mindset: operates as a senior individual contributor without waiting for direction.

    Experience

    • 5+ years of hands-on information security and GRC experience in B2B SaaS.
    • Hands-on experience with a GRC platform like Secfix, or similar GRC platforms.
    • Cloud infrastructure readiness across AWS, Azure, and GCP; experience with posture analysis and remediation planning.
    • Experience implementing one or two additional compliance frameworks (e.g., SOC 2, GDPR, NIS 2, etc.) is a bonus.
    • Experience mentoring or coaching colleagues in a compliance, audit, or GRC context is a bonus.
    • Experience in a startup environment is a plus.

    What we offer

    • 100% remote work with a virtual office in Gather.
    • Industry-competitive local salaries.
    • Generous equity package - we're all owners of Secfix and beneficiaries of our collective success.
    • We are backed by top VCs and accelerators and have direct access to world-class mentors.
    • €1,000 annual personal development budget.
    • Home office budget and access to co-working spaces.
    • 26 days holiday + local public holidays.
    • Comprehensive health insurance.
    • Annual retreat to build connections and inspire ideas (this year we're headed to Milan!).
    • Company-wide events to build relationships and have some fun!
    • Latest tech equipment (MacBook, monitors, headphones).

    Job Locations

    • Location Berlin

      Germany

    This is your employer

    Secfix

    Secfix GmbH, founded in 2021 in Berlin, focuses on developing an automated compliance platform. With offices in Munich and Berlin, the company assists European firms in adhering to security standards and certifications. Secfix has established itself as a leading platform in the field of security compliance and employs AI-driven automation to enhance compliance processes.

    Description

  • Company Type
    Startup
  • Working Model
    Full Remote
  • Industry
    Internet, IT, Telecommunication
    Diversity
    Open for all genders
