(Senior) Information Security Officer -

As the (Senior) Information Security Officer, you will be the primary architect of our security governance and risk management structure. You will operate as an independent voice, transitioning our security posture from a supporting function to a strategic pillar. This is a "ground-up" build where you will define the security DNA of a scaling SaaS group, ensuring we remain a trusted partner for global enterprise customers in an increasingly regulated landscape (NIS2, ISO 27001)., * Strategy & Roadmap: Develop and implement a group-wide information security and compliance strategy aligned with ISO 27001 and upcoming regulatory requirements like NIS2.

• ISMS Development: Build and operate a robust Information Security Management System (ISMS), starting with a structured gap analysis and a prioritized delivery roadmap.
• Security Governance: Define clear security requirements across Product, Engineering, and IT, ensuring implementation through accountable ownership and clear documentation.
• Risk Management: Identify, assess, and clearly communicate security risks, enabling leadership to make pragmatic, risk-based decisions aligned with business priorities.
• Compliance Expert: Act as the primary expert and main point of contact for security topics during enterprise customer discussions, external audits, and due diligence processes.
• Technical Advocacy: Collaborate closely with IT Ops and Engineering to embed "Security by Design" into modern cloud (AWS and Azure) and product architectures.
• Stakeholder Influence: Serve as a solution-oriented advisor to the board and senior management, translating complex technical risks into clear business impact., * Work in a truly international, collaborative environment: With 40+ nationalities, English as our working language, and teams across Europe, collaboration and shared ownership are part of how we work every day.
• Grow with autonomy and trust: We invest heavily in product, data, and people - giving you the space to take responsibility, contribute ideas, challenge others, and do your best work while helping shape how we scale.

Benefits

• Vacation: 30 days
• Benefits: Urban Sports Club membership, Hrmony subscription, JobRad, or a subsidy for a BVG ticket.
• Health & Wellbeing: 1 mental health day per year and access to the Nilo.health platform.
• Learning & Development: Clear career paths and an annual learning budget of €2,000, among other opportunities.
• Home Office? No problem! We have a beautiful office in the heart of Berlin where we meet twice a week.
• Workation: Up to 12 weeks of remote work from any country or continent you want!
• Autonomy: We want to hire you for your expertise and knowledge, and we'll give you the space to do your best work.
• Sustainable Growth: We are profitable and continue to grow - in a highly sustainable way, backed by a leading private-equity firm focused on technology and software.
• Culture: You'll join a highly collaborative and high-performing team where you can contribute ideas, challenge others, and be challenged yourself.

• Information Security Expertise: Several years of experience in a security or compliance role, specifically building or significantly improving an ISMS (ISO 27001) in a SaaS or tech-driven environment.
• Regulatory Knowledge: Deep understanding of frameworks such as NIS2, DORA, or similar compliance regimes, with the ability to translate legal text into operational reality.
• Applied Technical Credibility: Experience in cloud security, infrastructure, or DevSecOps, allowing you to define requirements that are both secure and technically feasible.
• Strategic Thinking: Ability to combine domain expertise with big-picture thinking to anticipate trends and identify strategic opportunities for the group.
• Stakeholder Management: Exceptional communication skills with the ability to influence senior leadership and cross-functional teams without formal authority.
• Executional Excellence: A proven track record of driving high-quality results by setting clear priorities, removing obstacles, and following through on complex roadmaps.
• Pragmatism: A risk-based approach to security that balances high-standard regulatory requirements with business agility and resource constraints.
• Languages: English C1. German is a plus given our DACH footprint.