This list contains only the countries for which job offers have been published in the selected language (e.g., in the French version, only job offers written in French are displayed, and in the English version, only those in English).
This is not a build-from-scratch role. It is a step up in maturity: fewer manual processes and sharper governance. The position sits at the center of the InfoSec team; you coordinate across teams, own outcomes and represent the function. You are comfortable being the person customers and auditors talk to. You think in programs and systems, not tasks. You identify where manual effort can be replaced by tooling or AI-assisted workflows, and are empowered to drive that change as we build out our AI-driven operating model across the company.
Job Responsibility
Lead ISO 27001 and SOC 2 audit cycles end-to-end
Own the control framework
Prepare the InfoSec program for investor and M&A due diligence scrutiny
Own the response to enterprise customer security questionnaires and RFPs
Represent Staffbase in customer security reviews, calls, and audits
Build scalable approaches to reduce response time
Maintain the risk register and drive risk treatment decisions
Own vendor security assessments for critical and high-risk suppliers
Partner with Procurement and Legal on AI-assisted review workflows
Own the internal security policy framework
Design and run security awareness programs
Own the incident response plan and lead execution
Coordinate with Engineering, Legal, and leadership during incidents
Drive post-incident reviews and close findings with owners
Requirements
5+ years of hands-on InfoSec experience in a SaaS or B2B tech company
Proven ownership of ISO 27001 and/or SOC 2 programs
Track record of representing InfoSec to enterprise customers, including security reviews and escalations
Must be fluent in German and English
Comfortable with AI-driven tooling
actively looks for automation opportunities in compliance and operations
Nice to have
Experience supporting or preparing for M&A or investor due diligence processes
Background working alongside Legal, Procurement, and Engineering
Practical understanding of cloud security architecture
Relevant certification: CISM, CISSP, ISO 27001 Lead Auditor/Implementer, or equivalent
What we offer
competitive compensation including LTIP (unit-based Long Term Incentive Plan)
flexible working time models
hybrid work option
yearly flex work allowance of €1560
31 vacation days annually (incl. one floating holiday)
pro rata fully paid Fridays off during August
company pension scheme
one Volunteers Day per year for supporting a social project