CrawlJobs Logo
Staffbase Logo Staffbase · IT - Administration

Principal Information Security Manager

Germany, Dresden · Job Posted May 28, 2026
Apply Position
Job Link Share

Job Description

We inspire people to achieve great things together. Our mission is to help organizations unlock the power of inspirational communication with the first AI-native Employee Experience Platform. Our industry-leading and award-winning agentic AI communications channels – intranet, employee app and email solutions – create engaging experiences that connect and empower employees. Headquartered in Chemnitz, Germany and New York City, with offices in Berlin, London, Sydney, Tokyo, Prague, and Minneapolis–St. Paul, our diverse team of 750+ employees supports 2,000+ customers – reaching over 16.4 million employees – in transforming their employee experience. We are proud to be a Unicorn company – privately valued at over $1 billion – demonstrating strong growth, innovation, and lasting impact in our industry. Together, we’re shaping the future of workplace communication. Our information security program is fit for purpose and operationally sound. The next chapter is about making it investor-ready, AI-efficient, and capable of sustaining enterprise customer trust at scale. This is not a build-from-scratch role. It is a step up in maturity: fewer manual processes and sharper governance. The position sits at the center of the InfoSec team; you coordinate across teams, own outcomes and represent the function. You are comfortable being the person customers and auditors talk to. You think in programs and systems, not tasks. You identify where manual effort can be replaced by tooling or AI-assisted workflows, and are empowered to drive that change as we build out our AI-driven operating model across the company.

Job Responsibility

  • Act as the senior deputy for InfoSec within our Finance & Operations department, owning the function day-to-day
  • Lead ISO 27001 and SOC 2 audit cycles end-to-end
  • Own the control framework
  • Prepare the InfoSec program for investor and M&A due diligence scrutiny
  • Own the response to enterprise customer security questionnaires and RFPs
  • Represent Staffbase credibly in customer security reviews, calls, and audits
  • Build scalable approaches to reduce response time
  • Maintain the risk register and drive risk treatment decisions
  • Own vendor security assessments for critical and high-risk suppliers
  • Partner with Procurement and Legal on AI-assisted review workflows
  • Own the internal security policy framework
  • Design and run security awareness programs
  • Own the incident response plan and lead execution when incidents occur
  • Coordinate with Engineering, Legal, and leadership during incidents
  • Drive post-incident reviews and close findings with owners

Requirements

  • 5+ years of hands-on InfoSec experience in a SaaS or B2B tech company
  • Proven ownership of ISO 27001 and/or SOC 2 programs
  • Track record of representing InfoSec to enterprise customers, including security reviews and escalations
  • Fluent in German and English
  • Comfortable with AI-driven tooling
  • actively looks for automation opportunities in compliance and operations
  • Experience supporting or preparing for M&A or investor due diligence processes
  • Background working alongside Legal, Procurement, and Engineering
  • Practical understanding of cloud security architecture (enough to challenge and validate, not operate)
  • Relevant certification: CISM, CISSP, ISO 27001 Lead Auditor/Implementer, or equivalent

Nice to have

  • Experience supporting or preparing for M&A or investor due diligence processes
  • Background working alongside Legal, Procurement, and Engineering
  • Practical understanding of cloud security architecture
  • Relevant certification: CISM, CISSP, ISO 27001 Lead Auditor/Implementer, or equivalent

What we offer

  • Competitive Compensation - we offer attractive salary packages including LTIP
  • Flexibility - we offer flexible working time models and the option of hybrid work, and support this with a yearly flex work allowance of €1560
  • Recharge - with 31 vacation days annually (incl. one floating holiday), plus pro rata fully paid Fridays off during August
  • Support - we're offering a company pension scheme
  • Volunteers Day - you'll get one day off per year for supporting a social project
Staffbase - All Job Offers

Looking for more opportunities?

Search for other job offers that match your skills and interests.

Suggested Tags: Frontend Developer Secretary Talent Manager Salesforce Administrator Data Analyst
Similar Jobs for

Principal Information Security Manager

8 matching positions

Security Principal

As a Security Principal, you'll play a critical role in protecting the integrity...
Location
Location
United States
Salary
Salary:
117500.00 - 270000.00 USD / Year
https://www.hpe.com/ Logo
Hewlett Packard Enterprise
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Bachelor's degree in information security, Information Technology, Risk Management, or a related field (master's preferred)
  • Certifications such as CISM, CRISC, or similar preferred
  • 7+ years of experience in Information Security, IT Governance, or Risk Management
  • Hands-on experience in multiple technical security domains, such as: Endpoint protection, Identity and access management (IAM), Vulnerability management, Security logging and monitoring, Network segmentation and zoning, Cloud security controls, Incident detection and response
  • Demonstrated experience managing or governing secure environments, particularly in large or complex organizations
  • Deep understanding of information security principles, frameworks (e.g., NIST, ISO 27001), and regulatory requirements (e.g., GDPR, SOX)
Job Responsibility
Job Responsibility
  • Protecting the integrity of HPE’s labs and non-production environments
  • Ensuring environments are designed, operated, and decommissioned in alignment with security policies, risk frameworks, and regulatory obligations
  • Leading the security program's vision, execution, and ongoing evolution
  • Collaborating between business units, IT, and security
  • Embedding 'secure-by-design' principles in projects
  • Continuously improving governance processes
What we offer
What we offer
  • Health & Wellbeing
  • Personal & Professional Development
  • Unconditional Inclusion
  • Fulltime
Read More
Arrow Right

Principal Security Architect

As a Security Architect, your role involves designing, reviewing, and enhancing ...
Location
Location
United States , San Francisco
Salary
Salary:
164000.00 - 290000.00 USD / Year
ethoslife.com Logo
Ethos
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 7+ years of experience in Information Security with at least 2 years as a Security Architect
  • Bachelor’s Degree in Computer Science or related field, or an additional 3 years of pertinent work involvement preferred
  • Strong knowledge of prevalent security architectures, frameworks, standards and emerging threats along with strategies and technologies for defense
  • Deep understanding of network protocols, operating systems, databases, applied cryptography, least privilege, zero trust principles, identity & access management, and other core information security concepts
  • Expertise in cloud computing and its associated best security practices encompassing applications, infrastructure, storage, platforms, and data security
  • Ability to conduct threat modeling and risk assessments
  • Ability to come into our San Francisco, CA office once a week
Job Responsibility
Job Responsibility
  • Conduct Threat Modeling & Architectural Assessments to cover all Information Security domains to ensure Security by Design
  • Assess technologies and solutions to develop and enrich security capabilities
  • Identify security gaps and communicate associated business risks to relevant stakeholders
  • Craft solutions that harmonize business needs with security and compliance requirements
  • Verify the effectiveness of security controls in mitigating identified risks
  • Assist engineering projects across the Software Development Life Cycle (SDLC) and collaborate to prioritize product security elements effectively
  • Apply expertise in information security and application development to instigate organizational shifts aimed at managing and resolving security weaknesses and vulnerabilities
  • Contribute to the creation of security policies, standards, and guidelines
  • Devise and implement frameworks for data classification, retention, and disposal to ensure alignment with data privacy regulations
  • Spearhead initiatives for data security awareness and training
  • Fulltime
Read More
Arrow Right

IAM - Privileged Access Management Principal

Principal PAM Architect to lead the strategy, architecture, design, and implemen...
Location
Location
United States , Houston
Salary
Salary:
117500.00 - 270000.00 USD / Year
https://www.hpe.com/ Logo
Hewlett Packard Enterprise
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or related field (or equivalent experience)
  • 8+ years in cybersecurity or IT with demonstrated hands-on PAM specific experience in enterprise-scale environments
  • Proven experience in architecture, design, and implementation of PAM solutions across large, complex enterprises
  • Deep technical expertise with CyberArk (Privileged Cloud and on-prem)
  • Strong knowledge of Zero Trust principles, JIT/JEA access models, and privileged identity lifecycle management
  • Experience integrating PAM with cloud platforms (Azure, AWS, GCP), DevOps pipelines, and enterprise IT ecosystems
  • Experience with secrets management platforms (CyberArk Conjur, HashiCorp Vault, AWS Secrets Manager, etc.)
  • Working knowledge of modern authentication standards (SAML, OIDC, FIDO2, MFA, passwordless)
  • Hands-on expertise with Windows, Linux, Active Directory, and cloud IAM models
  • Good understanding of the privilege access models of Active Directory, Azure/Entra ID, AWS and GCP
Job Responsibility
Job Responsibility
  • Define PAM strategy, roadmap, and reference architectures aligned to enterprise security and compliance requirements
  • Design and implement scalable PAM solutions for large, complex environments across on-prem, hybrid, and multi-cloud infrastructures
  • Incorporate Zero Trust, Just-in-Time (JIT), and Just Enough Access (JEA) models into PAM solutions
  • Lead the enterprise rollout and lifecycle management of CyberArk Privileged Cloud and related modules
  • Implement and manage privileged session monitoring, endpoint privilege management (EPM), and application-to-application password management
  • Drive integration of PAM with identity providers, SIEM/SOAR, ITSM, and DevOps pipelines
  • Establish and enforce policies for privileged access governance, auditing, and regulatory compliance
  • Conduct regular reviews of PAM controls to prevent credential theft, lateral movement, and unauthorized access
  • Act as the PAM subject matter expert (SME), advising executives, architects, and engineering teams on privileged access security
  • Mentor and guide engineering teams on PAM best practices and secure operations
What we offer
What we offer
  • Health & Wellbeing benefits
  • Personal & Professional Development programs
  • Unconditional Inclusion environment
  • Comprehensive benefits suite supporting physical, financial and emotional wellbeing
  • Fulltime
Read More
Arrow Right

Principal Auditor- Cyber, Risk and Analysis Technology Audit

Capital One’s Audit function is a dedicated group of professionals focused on de...
Location
Location
United States , McLean
Salary
Salary:
119400.00 - 163500.00 USD / Year
capitalone.com Logo
Capital One
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Bachelor’s Degree or military experience
  • At least 4 years of experience in information technology (operations, software delivery, access management, microservices), information security (application security, network security, cyber security, data protection), information systems risk management, information systems auditing, or a combination
  • At least 1 year of experience in cloud computing and controls (design, operation, risk management, or auditing)
  • At least 2 years of experience in managing components of audit engagements, project management or a combination
  • At least 2 years of experience in analyzing data extracts to identify trends, patterns, and anomalies, including 1 year of experience in test scripting or coding (writing, reviewing, assessing)
Job Responsibility
Job Responsibility
  • Execute major components of audits, including critical technology functions, cloud-based infrastructure, cybersecurity, risk management, application, and third-party management, as well as the ability to assist in leading components of small to medium size audits
  • Perform risk assessments of business units and technology operations, design and execute audit procedures to verify the effectiveness of existing controls, identify and define issues, review and analyze evidence, and document client processes and procedures
  • Understand the broader context and implications (e.g., financial, legal, reputational, etc.) of the various types of risk affecting the business and critical technology functions
  • Establishes and maintains good client relations during engagements
  • Communicates or assists in communicating the results of some audit projects to management via written reports and oral presentations
  • Identify expectations of the client and take actions to support the client experience
  • Prepare clear, organized and complete documentation to support work performed
  • Self prioritize and effectively plan own work activities managing multiple priorities and tasks across the team to deliver quality results
  • Coordinate with others and proactively take on additional work
  • Deliver appropriate, succinct and organized information, tailoring communication style to audience
What we offer
What we offer
  • performance based incentive compensation, which may include cash bonus(es) and/or long term incentives (LTI)
  • comprehensive, competitive, and inclusive set of health, financial and other benefits
  • Fulltime
Read More
Arrow Right

Principal Technology Auditor- Global Payment Network

Capital One’s Audit function is a dedicated group of professionals focused on de...
Location
Location
United States , Plano; Chicago; Richmond; McLean; New York; Riverwoods; Charlotte
Salary
Salary:
119400.00 - 163500.00 USD / Year
capitalone.com Logo
Capital One
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Bachelor’s Degree or military experience
  • At least 4 years of experience in information technology (operations, software delivery, access management, microservices), information security (application security, network security, cyber security, data protection), information systems risk management, information systems auditing, or a combination
  • At least 2 years of experience in managing audit engagements, project management or a combination
Job Responsibility
Job Responsibility
  • Execute major components of audits, including critical technology functions, cybersecurity, risk management, application, and third-party management, as well as the ability to assist in leading components of small to medium size audits
  • Perform risk assessments of business units and technology operations, design and execute audit procedures to verify the effectiveness of existing controls, identify and define issues, review and analyze evidence, and document client processes and procedures
  • Understand the broader context and implications (e.g., financial, legal, reputational, etc.) of the various types of risk affecting the business and critical technology functions
  • Establishes and maintains good client relations during engagements. Communicates or assists in communicating the results of some audit projects to management via written reports and oral presentations
  • Identify expectations of the client and take actions to support the client experience
  • Prepare clear, organized and complete documentation to support work performed
  • Self prioritize and effectively plan own work activities managing multiple priorities and tasks across the team to deliver quality results
  • Coordinate with others and proactively take on additional work
  • Deliver appropriate, succinct and organized information, tailoring communication style to audience
  • Effectively communicate information, issues and audit progress to teammates, clients and auditor-in-charge
What we offer
What we offer
  • comprehensive, competitive, and inclusive set of health, financial and other benefits that support your total well-being
  • performance based incentive compensation, which may include cash bonus(es) and/or long term incentives (LTI)
  • Fulltime
Read More
Arrow Right
New

Senior Consultant - CRM (Proactive Services) Unit 42

As a Senior Consultant in Unit 42 you will have the opportunity to work across a...
Location
Location
South Korea , Seoul
Salary
Salary:
Not provided
paloaltonetworks.it Logo
Palo Alto Networks Italia
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 3+ years of consulting experience in SOC, security engineering, SIEM administration, and incident management
  • Possess a deep technical knowledge in Security Incident and Event Management (SIEM) platforms, Security Orchestration and Response (SOAR) technologies, Endpoint Protection and Response/Next Gen Protection and Response (EDR/XDR) tools, Next GenFirewalls, Threat Intelligence and Hunting platforms
  • 3+ years of experience performing cloud security advisement and risk assessments based upon industry-accepted standards
  • Hands-on experience with a cloud hosting provider (AWS, Azure, GCP, etc)
  • Experience with a Cloud Application Security Broker - MCAS, Netskope
  • Possess a deep technical knowledge in CASBs, Cloud Platforms and the dependencies around such an environment (WAF, SSO, Cloud Threats, API Security, Cloud Security Posture Management)
  • Former experience with cloud migrations (cloud to cloud, or on-prem to cloud)
  • Experience in performing cyber security threat & risk assessments to support the development of cyber security strategies and roadmaps
  • Technical proficiency in a wide range of cyber risk management services, including cyber threat, risk and control assessments, secure software development practices, penetration testing, vulnerability assessments, among others
  • Sound knowledge of applicable laws, compliance regulations, and industry standards as it relates to privacy, security, and compliance
Job Responsibility
Job Responsibility
  • SOC Advisory
  • Principal Cloud Security
  • Principal Cyber Risk Management
  • Fulltime
Read More
Arrow Right
New

Principal Systems Engineer (ISSO)

2HB Incorporated is seeking a Principal Systems Engineer in order to support its...
Location
Location
United States , Annapolis Junction
Salary
Salary:
Not provided
2hb.com Logo
2HB
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • A Bachelor’s degree in a Qualified Engineering Field or a related discipline from an accredited college or university plus twenty (20) years of systems engineering experience OR A High School Diploma or GED plus twenty-four (24) years of general systems engineering experience (any Process Area). OR A Master’s degree in a Qualified Engineering Field or a related discipline from an accredited college or university plus eighteen (18) years of systems engineering experience OR (U) A PhD in a Qualified Engineering Field (See Note 1) or a related discipline from an accredited college or university plus eighteen (18) years of systems engineering experience.
Job Responsibility
Job Responsibility
  • Provide support for a program, organization, system, or enclave’s information assurance program
  • Provide support for proposing, coordinating, implementing, and enforcing information systems security policies, standards, and methodologies
  • Maintain operational security posture for an information system or program to ensure information systems security policies, standards, and procedures are established and followed
  • Assist with the management of security aspects of the information system and perform day-to-day security operations of the system
  • Evaluate security solutions to ensure they meet security requirements for processing classified information
  • Perform vulnerability/risk assessment analysis to support certification and accreditation
  • Provide confirmation management (CM) for information system security software, hardware, and firmware
  • Manage changes to system and assess the security impact of those changes
  • Prepare and review documentation to include System Security Plans (SSPs), Risk Assessment Reports, Certification and Accreditation (C&A) packages, and System Requirements Traceability Matrices (SRTMs)
  • Support security authorization activities in compliance with National Institute of Standards and Technology Risk Management Framework (NIST RMF).
  • Fulltime
Read More
Arrow Right

Security Engineer II

PagerDuty is seeking an Enterprise Security Engineer to join its global IT Opera...
Location
Location
Canada , Toronto
Salary
Salary:
122000.00 - 185000.00 CAD / Year
https://www.pagerduty.com Logo
PagerDuty
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • At least 3 years of experience in the information security industry, with 2+ years in network security or zero-trust, and 2+ years in security architecture or solution experience
  • Knowledge of Information Security concepts, especially in the areas of security threats, analyzing security logs and driving Incident response
  • Knowledge and practical experience in network security and zero-trust
  • Understanding of the IAM cybersecurity landscape, including identity stores, authentication/authorization, strong authentication, and privileged access management capabilities and methodologies
  • Understanding of security technologies and concepts, including SIEM, MDR/XDR, EDR and vulnerability management
  • Understanding of security best practices and frameworks (e.g., MITRE ATT&CK, NIST Cybersecurity Framework)
  • Knowledge of incident response processes
Job Responsibility
Job Responsibility
  • Partner closely with CISO organization to design and implement enterprise IT security architectures and solutions
  • Tracking the evolution of cutting-edge security technologies, and keeping up to date of the latest security threats and trends
  • Focus on enterprise security and zero-trust technology, serving as the principal technical expert in this area within the Enterprise Security department
  • Monitors security alerts and leads the team in identifying and responding to security threats
  • Monitors systems for vulnerabilities, provides prioritization, and drives remediation efforts
  • Working cross-functionally to triage suspicious activity and drive remediation (performing L2-L3 duties as needed)
  • Analyzing threat intelligence feeds to develop metrics, alerts, and techniques to protect against new and emerging attack vectors
  • Develop metrics, thresholds, alerts, dashboards, and incident response playbooks
  • Drive the design and development of automated security response and maintenance solutions
  • Oversee our workstation vulnerability management & endpoint compliance program
What we offer
What we offer
  • Competitive salary
  • Comprehensive benefits package
  • Flexible work arrangements
  • Company equity
  • ESPP (Employee Stock Purchase Program)
  • Retirement or pension plan
  • Generous paid vacation time
  • Paid holidays and sick leave
  • Dutonian Wellness Days & HibernationDuty - companywide paid days off in addition to PTO
  • Paid parental leave: 22 weeks for pregnant parent, 12 weeks for non-pregnant parent
  • Fulltime
Read More
Arrow Right