
Principal Information Security Manager

Germany, Chemnitz · Job Posted May 28, 2026

Job Description

The next chapter is about making it investor-ready, AI-efficient, and capable of sustaining enterprise customer trust at scale. This is not a build-from-scratch role. It is a step up in maturity: fewer manual processes and sharper governance. The position sits at the center of the InfoSec team; you coordinate across teams, own outcomes and represent the function. You are comfortable being the person customers and auditors talk to. You think in programs and systems, not tasks. You identify where manual effort can be replaced by tooling or AI-assisted workflows, and are empowered to drive that change as we build out our AI-driven operating model across the company.

Job Responsibility

  • Lead ISO 27001 and SOC 2 audit cycles end-to-end: preparation, evidence collection, auditor management, and findings remediation
  • Own the control framework and ensure it stays current as the business evolves
  • Prepare the InfoSec program for investor and M&A due diligence scrutiny
  • Own the response to enterprise customer security questionnaires and RFPs
  • Represent Staffbase credibly in customer security reviews, calls, and audits
  • Build scalable approaches (automation, templates, knowledge base) to reduce response time without sacrificing quality
  • Maintain the risk register and drive risk treatment decisions with relevant stakeholders
  • Own vendor security assessments for critical and high-risk suppliers
  • Partner with Procurement and Legal on AI-assisted review workflows
  • Own the internal security policy framework and keep it current, understandable, and enforced
  • Design and run security awareness programs that change behaviour, not just tick boxes
  • Own the incident response plan and lead execution when incidents occur
  • Coordinate with Engineering, Legal, and leadership during incidents
  • Drive post-incident reviews and close findings with owners

Requirements

  • 5+ years of hands-on InfoSec experience in a SaaS or B2B tech company
  • Proven ownership of ISO 27001 and/or SOC 2 programs
  • Track record of representing InfoSec to enterprise customers, including security reviews and escalations
  • Fluent in German and English
  • Comfortable with AI-driven tooling; actively looks for automation opportunities in compliance and operations

Nice to have

  • Experience supporting or preparing for M&A or investor due diligence processes
  • Background working alongside Legal, Procurement, and Engineering
  • Practical understanding of cloud security architecture (enough to challenge and validate, not operate)
  • Relevant certification: CISM, CISSP, ISO 27001 Lead Auditor/Implementer, or equivalent

What we offer

  • Competitive Compensation - we offer attractive salary packages including LTIP (unit-based Long Term Incentive Plan)
  • Flexibility - we offer flexible working time models and the option of hybrid work, and support this with a yearly flex work allowance of €1560
  • Recharge - with 31 vacation days annually (incl. one floating holiday), plus pro rata fully paid Fridays off during August
  • Support - we’re offering a company pension scheme
  • Volunteers Day - you’ll get one day off per year for supporting a social project

Similar Jobs for Principal Information Security Manager

8 matching positions

Security Principal

As a Security Principal, you'll play a critical role in protecting the integrity...
Hewlett Packard Enterprise
Location: United States
Salary: 117500.00 - 270000.00 USD / Year
Expiration Date: Until further notice
Requirements
  • Bachelor's degree in information security, Information Technology, Risk Management, or a related field (master's preferred)
  • Certifications such as CISM, CRISC, or similar preferred
  • 7+ years of experience in Information Security, IT Governance, or Risk Management
  • Hands-on experience in multiple technical security domains, such as: Endpoint protection, Identity and access management (IAM), Vulnerability management, Security logging and monitoring, Network segmentation and zoning, Cloud security controls, Incident detection and response
  • Demonstrated experience managing or governing secure environments, particularly in large or complex organizations
  • Deep understanding of information security principles, frameworks (e.g., NIST, ISO 27001), and regulatory requirements (e.g., GDPR, SOX)
Job Responsibility
  • Protecting the integrity of HPE’s labs and non-production environments
  • Ensuring environments are designed, operated, and decommissioned in alignment with security policies, risk frameworks, and regulatory obligations
  • Leading the security program's vision, execution, and ongoing evolution
  • Collaborating between business units, IT, and security
  • Embedding 'secure-by-design' principles in projects
  • Continuously improving governance processes
What we offer
  • Health & Wellbeing
  • Personal & Professional Development
  • Unconditional Inclusion
  • Fulltime

Principal Security Architect

As a Security Architect, your role involves designing, reviewing, and enhancing ...
Ethos
Location: United States, San Francisco
Salary: 164000.00 - 290000.00 USD / Year
Expiration Date: Until further notice
Requirements
  • 7+ years of experience in Information Security with at least 2 years as a Security Architect
  • Bachelor’s Degree in Computer Science or related field, or an additional 3 years of pertinent work involvement preferred
  • Strong knowledge of prevalent security architectures, frameworks, standards and emerging threats along with strategies and technologies for defense
  • Deep understanding of network protocols, operating systems, databases, applied cryptography, least privilege, zero trust principles, identity & access management, and other core information security concepts
  • Expertise in cloud computing and its associated best security practices encompassing applications, infrastructure, storage, platforms, and data security
  • Ability to conduct threat modeling and risk assessments
  • Ability to come into our San Francisco, CA office once a week
Job Responsibility
  • Conduct Threat Modeling & Architectural Assessments to cover all Information Security domains to ensure Security by Design
  • Assess technologies and solutions to develop and enrich security capabilities
  • Identify security gaps and communicate associated business risks to relevant stakeholders
  • Craft solutions that harmonize business needs with security and compliance requirements
  • Verify the effectiveness of security controls in mitigating identified risks
  • Assist engineering projects across the Software Development Life Cycle (SDLC) and collaborate to prioritize product security elements effectively
  • Apply expertise in information security and application development to instigate organizational shifts aimed at managing and resolving security weaknesses and vulnerabilities
  • Contribute to the creation of security policies, standards, and guidelines
  • Devise and implement frameworks for data classification, retention, and disposal to ensure alignment with data privacy regulations
  • Spearhead initiatives for data security awareness and training
  • Fulltime

IAM - Privileged Access Management Principal

Principal PAM Architect to lead the strategy, architecture, design, and implemen...
Hewlett Packard Enterprise
Location: United States, Houston
Salary: 117500.00 - 270000.00 USD / Year
Expiration Date: Until further notice
Requirements
  • Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or related field (or equivalent experience)
  • 8+ years in cybersecurity or IT with demonstrated hands-on PAM specific experience in enterprise-scale environments
  • Proven experience in architecture, design, and implementation of PAM solutions across large, complex enterprises
  • Deep technical expertise with CyberArk (Privileged Cloud and on-prem)
  • Strong knowledge of Zero Trust principles, JIT/JEA access models, and privileged identity lifecycle management
  • Experience integrating PAM with cloud platforms (Azure, AWS, GCP), DevOps pipelines, and enterprise IT ecosystems
  • Experience with secrets management platforms (CyberArk Conjur, HashiCorp Vault, AWS Secrets Manager, etc.)
  • Working knowledge of modern authentication standards (SAML, OIDC, FIDO2, MFA, passwordless)
  • Hands-on expertise with Windows, Linux, Active Directory, and cloud IAM models
  • Good understanding of the privilege access models of Active Directory, Azure/Entra ID, AWS and GCP
Job Responsibility
  • Define PAM strategy, roadmap, and reference architectures aligned to enterprise security and compliance requirements
  • Design and implement scalable PAM solutions for large, complex environments across on-prem, hybrid, and multi-cloud infrastructures
  • Incorporate Zero Trust, Just-in-Time (JIT), and Just Enough Access (JEA) models into PAM solutions
  • Lead the enterprise rollout and lifecycle management of CyberArk Privileged Cloud and related modules
  • Implement and manage privileged session monitoring, endpoint privilege management (EPM), and application-to-application password management
  • Drive integration of PAM with identity providers, SIEM/SOAR, ITSM, and DevOps pipelines
  • Establish and enforce policies for privileged access governance, auditing, and regulatory compliance
  • Conduct regular reviews of PAM controls to prevent credential theft, lateral movement, and unauthorized access
  • Act as the PAM subject matter expert (SME), advising executives, architects, and engineering teams on privileged access security
  • Mentor and guide engineering teams on PAM best practices and secure operations
What we offer
  • Health & Wellbeing benefits
  • Personal & Professional Development programs
  • Unconditional Inclusion environment
  • Comprehensive benefits suite supporting physical, financial and emotional wellbeing
  • Fulltime

Principal Auditor- Cyber, Risk and Analysis Technology Audit

Capital One’s Audit function is a dedicated group of professionals focused on de...
Capital One
Location: United States, McLean
Salary: 119400.00 - 163500.00 USD / Year
Expiration Date: Until further notice
Requirements
  • Bachelor’s Degree or military experience
  • At least 4 years of experience in information technology (operations, software delivery, access management, microservices), information security (application security, network security, cyber security, data protection), information systems risk management, information systems auditing, or a combination
  • At least 1 year of experience in cloud computing and controls (design, operation, risk management, or auditing)
  • At least 2 years of experience in managing components of audit engagements, project management or a combination
  • At least 2 years of experience in analyzing data extracts to identify trends, patterns, and anomalies, including 1 year of experience in test scripting or coding (writing, reviewing, assessing)
Job Responsibility
  • Execute major components of audits, including critical technology functions, cloud-based infrastructure, cybersecurity, risk management, application, and third-party management, as well as the ability to assist in leading components of small to medium size audits
  • Perform risk assessments of business units and technology operations, design and execute audit procedures to verify the effectiveness of existing controls, identify and define issues, review and analyze evidence, and document client processes and procedures
  • Understand the broader context and implications (e.g., financial, legal, reputational, etc.) of the various types of risk affecting the business and critical technology functions
  • Establishes and maintains good client relations during engagements
  • Communicates or assists in communicating the results of some audit projects to management via written reports and oral presentations
  • Identify expectations of the client and take actions to support the client experience
  • Prepare clear, organized and complete documentation to support work performed
  • Self prioritize and effectively plan own work activities managing multiple priorities and tasks across the team to deliver quality results
  • Coordinate with others and proactively take on additional work
  • Deliver appropriate, succinct and organized information, tailoring communication style to audience
What we offer
  • performance based incentive compensation, which may include cash bonus(es) and/or long term incentives (LTI)
  • comprehensive, competitive, and inclusive set of health, financial and other benefits
  • Fulltime

Principal Technology Auditor- Global Payment Network

Capital One’s Audit function is a dedicated group of professionals focused on de...
Capital One
Location: United States, Plano; Chicago; Richmond; McLean; New York; Riverwoods; Charlotte
Salary: 119400.00 - 163500.00 USD / Year
Expiration Date: Until further notice
Requirements
  • Bachelor’s Degree or military experience
  • At least 4 years of experience in information technology (operations, software delivery, access management, microservices), information security (application security, network security, cyber security, data protection), information systems risk management, information systems auditing, or a combination
  • At least 2 years of experience in managing audit engagements, project management or a combination
Job Responsibility
  • Execute major components of audits, including critical technology functions, cybersecurity, risk management, application, and third-party management, as well as the ability to assist in leading components of small to medium size audits
  • Perform risk assessments of business units and technology operations, design and execute audit procedures to verify the effectiveness of existing controls, identify and define issues, review and analyze evidence, and document client processes and procedures
  • Understand the broader context and implications (e.g., financial, legal, reputational, etc.) of the various types of risk affecting the business and critical technology functions
  • Establishes and maintains good client relations during engagements. Communicates or assists in communicating the results of some audit projects to management via written reports and oral presentations
  • Identify expectations of the client and take actions to support the client experience
  • Prepare clear, organized and complete documentation to support work performed
  • Self prioritize and effectively plan own work activities managing multiple priorities and tasks across the team to deliver quality results
  • Coordinate with others and proactively take on additional work
  • Deliver appropriate, succinct and organized information, tailoring communication style to audience
  • Effectively communicate information, issues and audit progress to teammates, clients and auditor-in-charge
What we offer
  • comprehensive, competitive, and inclusive set of health, financial and other benefits that support your total well-being
  • performance based incentive compensation, which may include cash bonus(es) and/or long term incentives (LTI)
  • Fulltime

Senior Consultant - CRM (Proactive Services) Unit 42

As a Senior Consultant in Unit 42 you will have the opportunity to work across a...
Palo Alto Networks Italia
Location: South Korea, Seoul
Salary: Not provided
Expiration Date: Until further notice
Requirements
  • 3+ years of consulting experience in SOC, security engineering, SIEM administration, and incident management
  • Possess a deep technical knowledge in Security Incident and Event Management (SIEM) platforms, Security Orchestration and Response (SOAR) technologies, Endpoint Protection and Response/Next Gen Protection and Response (EDR/XDR) tools, Next Gen Firewalls, Threat Intelligence and Hunting platforms
  • 3+ years of experience performing cloud security advisement and risk assessments based upon industry-accepted standards
  • Hands-on experience with a cloud hosting provider (AWS, Azure, GCP, etc)
  • Experience with a Cloud Application Security Broker - MCAS, Netskope
  • Possess a deep technical knowledge in CASBs, Cloud Platforms and the dependencies around such an environment (WAF, SSO, Cloud Threats, API Security, Cloud Security Posture Management)
  • Former experience with cloud migrations (cloud to cloud, or on-prem to cloud)
  • Experience in performing cyber security threat & risk assessments to support the development of cyber security strategies and roadmaps
  • Technical proficiency in a wide range of cyber risk management services, including cyber threat, risk and control assessments, secure software development practices, penetration testing, vulnerability assessments, among others
  • Sound knowledge of applicable laws, compliance regulations, and industry standards as it relates to privacy, security, and compliance
Job Responsibility
  • SOC Advisory
  • Principal Cloud Security
  • Principal Cyber Risk Management
  • Fulltime

Security Engineer II

PagerDuty is seeking an Enterprise Security Engineer to join its global IT Opera...
PagerDuty
Location: Canada, Toronto
Salary: 122000.00 - 185000.00 CAD / Year
Expiration Date: Until further notice
Requirements
  • At least 3 years of experience in the information security industry, with 2+ years in network security or zero-trust, and 2+ years in security architecture or solution experience
  • Knowledge of Information Security concepts, especially in the areas of security threats, analyzing security logs and driving Incident response
  • Knowledge and practical experience in network security and zero-trust
  • Understanding of the IAM cybersecurity landscape, including identity stores, authentication/authorization, strong authentication, and privileged access management capabilities and methodologies
  • Understanding of security technologies and concepts, including SIEM, MDR/XDR, EDR and vulnerability management
  • Understanding of security best practices and frameworks (e.g., MITRE ATT&CK, NIST Cybersecurity Framework)
  • Knowledge of incident response processes
Job Responsibility
  • Partner closely with CISO organization to design and implement enterprise IT security architectures and solutions
  • Tracking the evolution of cutting-edge security technologies, and keeping up to date with the latest security threats and trends
  • Focus on enterprise security and zero-trust technology, serving as the principal technical expert in this area within the Enterprise Security department
  • Monitors security alerts and leads the team in identifying and responding to security threats
  • Monitors systems for vulnerabilities, provides prioritization, and drives remediation efforts
  • Working cross-functionally to triage suspicious activity and drive remediation (performing L2-L3 duties as needed)
  • Analyzing threat intelligence feeds to develop metrics, alerts, and techniques to protect against new and emerging attack vectors
  • Develop metrics, thresholds, alerts, dashboards, and incident response playbooks
  • Drive the design and development of automated security response and maintenance solutions
  • Oversee our workstation vulnerability management & endpoint compliance program
What we offer
  • Competitive salary
  • Comprehensive benefits package
  • Flexible work arrangements
  • Company equity
  • ESPP (Employee Stock Purchase Program)
  • Retirement or pension plan
  • Generous paid vacation time
  • Paid holidays and sick leave
  • Dutonian Wellness Days & HibernationDuty - companywide paid days off in addition to PTO
  • Paid parental leave: 22 weeks for pregnant parent, 12 weeks for non-pregnant parent
  • Fulltime

Principal Security Engineer

The Principal Security Engineer, under the direction of the Director of Security...
Wilson, Sonsini, Goodrich & Rosati
Location: United States, Palo Alto
Salary: 147050.00 - 220800.00 USD / Year
Expiration Date: Until further notice
Requirements
  • Bachelor’s degree required
  • 5+ of experience in Information Security
  • One or more of the following certifications preferred: GIAC, CISSP, CISM, CEH, CIPP
  • Focus on knowledge of direct support for Security Information and Event Management (SIEM) systems (e.g. configuration of feeds, developing alarm/report concepts), Red Teaming concepts and execution, and Linux skills including command line and operational/administrative usage
  • Extensive knowledge of traditional security controls and technologies, such as Security Information and Event Management (SIEM) systems, intrusion detection/prevention systems (IDS/IPS), public key infrastructure (PKI), identity and access management (IDAM) systems, antivirus and firewalls, in addition to newer offerings such as endpoint detection and response (EDR), threat intelligence platforms, security automation and orchestration, deception technologies and application controls
  • Experience with Windows desktop, server, and database security
  • Ability to identify security technology risks and perform incident response
  • Extensive knowledge of TCP/IP networking including wireless, network monitoring/design and routing
  • Extensive understanding of the cyber kill-chain
  • Experience in cloud computing technologies, including software-, infrastructure and platform-as-a-service, as well as public, private, and hybrid environments
Job Responsibility
  • Provide subject matter expertise in information security as it relates to networks and systems
  • Manage the Firm’s security technology including but not limited to: anti-virus, vulnerability scanning, intrusion detection, content filtering, and insider threat systems
  • Review security events from all monitoring environments not integrated with the firm SIEM, and those events escalated by the SOC, on a daily basis, and follow defined incident response processes in their analysis and reporting
  • Monitor appropriate venues for threats to the security of the Wilson Sonsini Goodrich & Rosati environment. Provide notification to all impacted parties related to the actions needed to mitigate threats and manage the threat lifecycle in totality
  • Manage and lead evaluations of the firm’s environment by external 3rd parties. Produce recommendations that integrate any findings with the business needs of the firm
  • Maintain knowledge of the information security needs of firm clients and implement measures to satisfy those requirements in the most efficient manner
  • Keep abreast of emerging security technologies and discipline developments. Make appropriate recommendations that meet the firm's needs
  • Design and build operational environments that scale to meet the needs of our security products and assure appropriate reliability
  • Support general troubleshooting related to information security tasks and provide support to end users as needed
  • Provide other teams with security consulting services, including responding to requests for additional information and assisting with specific projects
What we offer
  • discretionary year-end merit bonus based on performance
  • highly competitive salary and benefits package
  • Fulltime