CrawlJobs Logo

Principal Information Security Manager

Germany, Berlin · Job Posted July 08, 2026
Apply Position
Job Link Share

Job Description

This is not a build-from-scratch role. It is a step up in maturity: fewer manual processes and sharper governance. The position sits at the center of the InfoSec team; you coordinate across teams, own outcomes and represent the function. You are comfortable being the person customers and auditors talk to. You think in programs and systems, not tasks. You identify where manual effort can be replaced by tooling or AI-assisted workflows, and are empowered to drive that change as we build out our AI-driven operating model across the company.

Job Responsibility

  • Lead ISO 27001 and SOC 2 audit cycles end-to-end
  • Own the control framework
  • Prepare the InfoSec program for investor and M&A due diligence scrutiny
  • Own the response to enterprise customer security questionnaires and RFPs
  • Represent Staffbase in customer security reviews, calls, and audits
  • Build scalable approaches to reduce response time
  • Maintain the risk register and drive risk treatment decisions
  • Own vendor security assessments for critical and high-risk suppliers
  • Partner with Procurement and Legal on AI-assisted review workflows
  • Own the internal security policy framework
  • Design and run security awareness programs
  • Own the incident response plan and lead execution
  • Coordinate with Engineering, Legal, and leadership during incidents
  • Drive post-incident reviews and close findings with owners

Requirements

  • 5+ years of hands-on InfoSec experience in a SaaS or B2B tech company
  • Proven ownership of ISO 27001 and/or SOC 2 programs
  • Track record of representing InfoSec to enterprise customers, including security reviews and escalations
  • Must be fluent in German and English
  • Comfortable with AI-driven tooling
  • actively looks for automation opportunities in compliance and operations

Nice to have

  • Experience supporting or preparing for M&A or investor due diligence processes
  • Background working alongside Legal, Procurement, and Engineering
  • Practical understanding of cloud security architecture
  • Relevant certification: CISM, CISSP, ISO 27001 Lead Auditor/Implementer, or equivalent

What we offer

  • competitive compensation including LTIP (unit-based Long Term Incentive Plan)
  • flexible working time models
  • hybrid work option
  • yearly flex work allowance of €1560
  • 31 vacation days annually (incl. one floating holiday)
  • pro rata fully paid Fridays off during August
  • company pension scheme
  • one Volunteers Day per year for supporting a social project

Looking for more opportunities?

Search for other job offers that match your skills and interests.

Similar Jobs for

Principal Information Security Manager

8 matching positions

Principal Information Security Manager

This is not a build-from-scratch role. It is a step up in maturity: fewer manual...
Location
Location
Germany , Berlin
Salary
Salary:
Not provided
staffbase.com Logo
Staffbase
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 5+ years of hands-on InfoSec experience in a SaaS or B2B tech company
  • Proven ownership of ISO 27001 and/or SOC 2 programs
  • Track record of representing InfoSec to enterprise customers, including security reviews and escalations
  • Fluent in German and English
  • Comfortable with AI-driven tooling
  • actively looks for automation opportunities in compliance and operations
Job Responsibility
Job Responsibility
  • Lead ISO 27001 and SOC 2 audit cycles end-to-end in preparation, evidence collection, auditor management, and findings remediation
  • Own the control framework and ensure it stays current as the business evolves
  • Prepare the InfoSec program for investor and M&A due diligence scrutiny
  • Own the response to enterprise customer security questionnaires and RFPs
  • Represent Staffbase credibly in customer security reviews, calls, and audits
  • Build scalable approaches (automation, templates, knowledge base) to reduce response time without sacrificing quality
  • Maintain the risk register and drive risk treatment decisions with relevant stakeholders
  • Own vendor security assessments for critical and high-risk suppliers
  • Partner with Procurement and Legal on AI-assisted review workflows
  • Own the internal security policy framework, keep it current, understandable, and enforced
What we offer
What we offer
  • attractive salary packages including LTIP (unit-based Long Term Incentive Plan)
  • flexible working time models and the option of hybrid work
  • yearly flex work allowance of €1560
  • 31 vacation days annually (incl. one floating holiday)
  • pro rata fully paid Fridays off during August
  • company pension scheme
  • one day off per year for supporting a social project (Volunteers Day)
  • Fulltime
Read More
Arrow Right

Principal Information Security Manager

The next chapter is about making it investor-ready, AI-efficient, and capable of...
Location
Location
Germany , Chemnitz
Salary
Salary:
Not provided
staffbase.com Logo
Staffbase
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 5+ years of hands-on InfoSec experience in a SaaS or B2B tech company
  • Proven ownership of ISO 27001 and/or SOC 2 programs
  • Track record of representing InfoSec to enterprise customers, including security reviews and escalations
  • Fluent in German and English
  • Comfortable with AI-driven tooling
  • actively looks for automation opportunities in compliance and operations
Job Responsibility
Job Responsibility
  • Lead ISO 27001 and SOC 2 audit cycles end-to-end in preparation, evidence collection, auditor management, and findings remediation
  • Own the control framework and ensure it stays current as the business evolves
  • Prepare the InfoSec program for investor and M&A due diligence scrutiny
  • Own the response to enterprise customer security questionnaires and RFPs
  • Represent Staffbase credibly in customer security reviews, calls, and audits
  • Build scalable approaches (automation, templates, knowledge base) to reduce response time without sacrificing quality
  • Maintain the risk register and drive risk treatment decisions with relevant stakeholders
  • Own vendor security assessments for critical and high-risk suppliers
  • Partner with Procurement and Legal on AI-assisted review workflows
  • Own the internal security policy framework, keep it current, understandable, and enforced
What we offer
What we offer
  • Competitive Compensation - we offer attractive salary packages including LTIP (unit-based Long Term Incentive Plan)
  • Flexibility - we offer flexible working time models and the option of hybrid work, and support this with a yearly flex work allowance of €1560
  • Recharge - with 31 vacation days annually (incl. one floating holiday), plus pro rata fully paid Fridays off during August
  • Support - we’re offering a company pension scheme
  • Volunteers Day - you’ll get one day off per year for supporting a social project
Read More
Arrow Right

Principal Information Security Manager

We inspire people to achieve great things together. Our mission is to help organ...
Location
Location
Germany , Dresden
Salary
Salary:
Not provided
staffbase.com Logo
Staffbase
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 5+ years of hands-on InfoSec experience in a SaaS or B2B tech company
  • Proven ownership of ISO 27001 and/or SOC 2 programs
  • Track record of representing InfoSec to enterprise customers, including security reviews and escalations
  • Fluent in German and English
  • Comfortable with AI-driven tooling
  • actively looks for automation opportunities in compliance and operations
  • Experience supporting or preparing for M&A or investor due diligence processes
  • Background working alongside Legal, Procurement, and Engineering
  • Practical understanding of cloud security architecture (enough to challenge and validate, not operate)
  • Relevant certification: CISM, CISSP, ISO 27001 Lead Auditor/Implementer, or equivalent
Job Responsibility
Job Responsibility
  • Act as the senior deputy for InfoSec within our Finance & Operations department, owning the function day-to-day
  • Lead ISO 27001 and SOC 2 audit cycles end-to-end
  • Own the control framework
  • Prepare the InfoSec program for investor and M&A due diligence scrutiny
  • Own the response to enterprise customer security questionnaires and RFPs
  • Represent Staffbase credibly in customer security reviews, calls, and audits
  • Build scalable approaches to reduce response time
  • Maintain the risk register and drive risk treatment decisions
  • Own vendor security assessments for critical and high-risk suppliers
  • Partner with Procurement and Legal on AI-assisted review workflows
What we offer
What we offer
  • Competitive Compensation - we offer attractive salary packages including LTIP
  • Flexibility - we offer flexible working time models and the option of hybrid work, and support this with a yearly flex work allowance of €1560
  • Recharge - with 31 vacation days annually (incl. one floating holiday), plus pro rata fully paid Fridays off during August
  • Support - we're offering a company pension scheme
  • Volunteers Day - you'll get one day off per year for supporting a social project
  • Fulltime
Read More
Arrow Right

Principal Information Manager

At Amentum, we're not just solving problems; we're engineering the future. Our t...
Location
Location
United Kingdom , Bristol; Cardiff
Salary
Salary:
Not provided
amentum.com Logo
Amentum
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Commitment to performance, quality, and continuous improvement in IM
  • Ability to engage with clients and support IM solution development
  • Commercial awareness and understanding of IM service delivery
  • Experience working within cross-functional IM teams
  • Expertise in ISO 19650 and related IM standards
  • Strong foundation in Information Management principles
  • Ability to influence policy and standards
  • Focus on performance, quality, and innovation
  • Significant experience in IM or digital delivery
  • Advanced degree or equivalent experience
Job Responsibility
Job Responsibility
  • Support the delivery of Information Management (IM) services across portfolios or frameworks
  • Contribute to shaping IM delivery models
  • Ensure consistent application of IM standards
  • Collaborate with senior stakeholders
  • Focus on technical excellence and service consistency within IM
What we offer
What we offer
  • Free single medical cover and digital GP service
  • Enhanced parental leave pay
  • Free membership of employee assistance and parental programmes
  • Reimbursement towards relevant professional development and memberships
  • Work-life balance and flexibility
  • Hybrid, part-time and flexible working hours, patterns and locations discussed
  • Fulltime
Read More
Arrow Right

Principal Information Manager

At Amentum, we're not just solving problems; we're engineering the future. Our t...
Location
Location
United Kingdom , Reading
Salary
Salary:
Not provided
amentum.com Logo
Amentum
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Commitment to performance, quality, and continuous improvement in IM
  • Ability to engage with clients and support IM solution development
  • Commercial awareness and understanding of IM service delivery
  • Experience working within cross-functional IM teams
  • Expertise in ISO 19650 and related IM standards
  • Strong foundation in Information Management principles
  • Ability to influence policy and standards
  • Focus on performance, quality, and innovation
  • Significant experience in IM or digital delivery
  • Advanced degree or equivalent experience
Job Responsibility
Job Responsibility
  • Support the delivery of Information Management (IM) services across portfolios or frameworks
  • Contribute to shaping IM delivery models
  • Ensure consistent application of IM standards
  • Collaborate with senior stakeholders
  • Focus on technical excellence and service consistency within IM
What we offer
What we offer
  • Free single medical cover and digital GP service
  • Enhanced parental leave pay
  • Free membership of employee assistance and parental programmes
  • Reimbursement towards relevant professional development and memberships
  • Work-life balance and flexibility
  • Hybrid, part-time and flexible working hours, patterns and locations discussed
  • Fulltime
Read More
Arrow Right

Principal Security Engineering Manager

The Cloud & AI organization accelerates Microsoft’s mission and bold ambitions t...
Location
Location
United States , Redmond
Salary
Salary:
142800.00 - 274800.00 USD / Year
https://www.microsoft.com/ Logo
Microsoft Corporation
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Doctorate in Statistics, Mathematics, Computer Science, or related field AND 3+ years experience in software development lifecycle, large-scale computing, threat modeling, cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security incident and event management (SIEM), information technology (IT), or operations incident response OR Master's Degree in Statistics, Mathematics, Computer Science, or related field AND 4+ years experience in software development lifecycle, large-scale computing, threat modeling, cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security incident and event management (SIEM), information technology (IT), or operations incident response OR Bachelor's Degree in Statistics, Mathematics, Computer Science, or related field AND 6+ years experience in software development lifecycle, large-scale computing, threat modeling, cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security incident and event management (SIEM), information technology (IT), or operations incident response OR equivalent experience
  • 1+ year(s) people management experience
  • Candidates must be able to meet Microsoft, customer and/or government security screening requirements are required for this role
  • These requirements include, but are not limited to the following specialized security screenings: Microsoft Cloud Background Check
Job Responsibility
Job Responsibility
  • Lead a team that operates and improves production tenant security, driving consistent execution, governance, and hygiene across critical environments
  • Own end-to-end security risk program mechanics: intake → triage → prioritization → burn-down, with clear ownership, milestones, and measurable outcomes
  • Drive platform and operational improvements that reduce recurring misconfigurations, long-lived exceptions, and manual enforcement in production environments
  • Partner with engineering and security teams to strengthen isolation boundaries, reduce attack paths, and maintain durable security controls over time
  • Build and run incident readiness mechanisms (playbooks, coordination, post-incident follow-ups) to improve response effectiveness and reduce repeat issues
  • Develop and coach a high-performing team with a strong planning and execution culture, balancing partner needs with intentional prioritization
  • Fulltime
Read More
Arrow Right

Information Systems Security Manager

Palantir's impact and productivity in the US Government (USG) space depends on o...
Location
Location
United States , New York
Salary
Salary:
100000.00 - 174000.00 USD / Year
palantir.com Logo
Palantir Technologies
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Active US TOP SECRET or SECRET with willingness and ability to upgrade to TOP SECRET security clearance
  • Intermediate level foundational certification ISSM(722) (per DOD 8140), in 8570 this was known as IAM Level 2 certification
  • Active Computing Environmental certification such as Linux+, CCNA, or other
  • At least 3 years experience in a technical role (user support, technical compliance, system administration, etc.) at an accredited USG facility
  • Demonstrated proficiency in relevant Windows administration tasks including AD, DNS, Group Policy, and SCCM/MDT
  • Practical experience with automation tools, including Powershell and Python
Job Responsibility
Job Responsibility
  • Serve as the principal advisor on all matters, technical and otherwise, involving the security of the systems under their purview
  • Scale our infrastructure by creatively implementing automated solutions
  • Collaborate with your fellow ISSMs, ISSOs, FSOs, and broader business stakeholders to provide consistent solutions to all of our facilities
  • Create and manage user-facing guides, POA&Ms, SSPs, ATOs, and other relevant USG documentation
  • Integrate new hardware and software technologies into our USG infrastructure
  • Familiar with eMASS and managing the system security authorization package to ensure all requirements are met and submitted
  • Ensure all requirements and implementation procedures listed within the system security authorization package are in accordance with the NISPOM, NIST SP 800-53, DAAPM, or other governing policies
  • Manage relationships with upstream vendors and sponsors
  • User account provisioning, deletions, and general LDAP & AD maintenance
  • Familiar with using ELK or other SIEMS to build reports and visualizations to ensure monitoring, alerting, and auditing requirements are met
What we offer
What we offer
  • Employees (and their eligible dependents) can enroll in medical, dental, and vision insurance as well as voluntary life insurance
  • Employees are automatically covered by Palantir’s basic life, AD&D and disability insurance
  • Commuter benefits
  • Relocation assistance
  • Take what you need paid time off, not accrual based
  • 2 weeks paid time off built into the end of each year (subject to team and business needs)
  • 10 paid holidays throughout the calendar year
  • Supportive leave of absence program including time off for military service and medical events
  • Paid leave for new parents and subsidized back-up care for all parents
  • Fertility and family building benefits including but not limited to adoption, surrogacy, and preservation
  • Fulltime
Read More
Arrow Right

Principal Security Assurance Engineering Manager

Microsoft’s Specialized Cloud Team in the national security, classified, and hig...
Location
Location
United States , Reston
Salary
Salary:
139900.00 - 274800.00 USD / Year
https://www.microsoft.com/ Logo
Microsoft Corporation
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Master's Degree in Statistics, Mathematics, Computer Science, Risk Management, Cyber Security, or related field AND 4+ years experience in software development lifecycle, large scale computing, threat modeling, cyber security, or anomaly detection OR Bachelor's Degree in Statistics, Mathematics, Computer Science, Risk Management, Cyber Security, or related field AND 6+ years experience in software development lifecycle, large scale computing, threat modeling, cyber security, or anomaly detection OR equivalent experience
  • 1+ year(s) people management
  • Active U.S. Government Top Secret Clearance with access to Sensitive Compartmented Information (SCI) based on a Single Scope Background Investigation (SSBI) with Polygraph
  • Verification of U.S. citizenship
Job Responsibility
Job Responsibility
  • Enterprise Industrial Security Leadership: Interpret, operationalize, and govern requirements under NISPOM (32 CFR Part 117), SEADs, DoD Instructions, DFARS clauses, and customer specific security directives
  • Anticipate and mitigate enterprise level risks that could jeopardize Facility Clearances (FCLs), classified contracts, or customer trust
  • Cross Organizational Governance & Influence: Drive alignment across Engineering, Operations, Datacenters, Legal (CELA), HR, Physical Security, and secure/sovereign cloud teams
  • Establish clear governance models, accountability mechanisms, and escalation paths
  • Lead high risk decision making involving regulatory exposure, personnel adjudication, insider threat concerns, and facility accreditation
  • Facility Clearance & Classified Environment Management: Provide governance and oversight for the full lifecycle of classified facilities, including SCIFs and SAPF environments
  • Ensure accreditation readiness, material change management, and sustained compliance across facilities and business units
  • Protect Microsoft’s corporate and subordinate FCL posture through proactive risk management
  • Fulltime
Read More
Arrow Right