secfix - Senior Information Security Specialist (German-speaking)

• You will own one of the most important pillars of Secfix: the quality and breadth of our compliance offering. We don't (and can't afford to) micro-manage. We've built strong foundations and will give you full context on what works. You can test new approaches, but at the end of the day, you have full ownership of how you deliver results (with a strong support network from within and outside the company). You will: • Own and drive the compliance roadmap inside the Secfix platform across different compliance frameworks (ISO 27001, TISAX, SOC 2, GDPR, NIS 2, DORA, ISO 27017/27018, ISO 42001, C5, and more as we expand) • Implement ISO 27001 and adjacent frameworks end-to-end for customers • Mentor and upskill the compliance team: sharing expertise, reviewing work, and helping drive consistency in audits and customer deliverables • Conduct internal audits directly for strategic and complex customers, and review the internal audits performed by junior team members to drive quality and consistency • Act as a compliance partner to CSMs and sales reps: fast, reliable support for customer questions, and joining customer calls when deep expertise is needed • Own the quality of compliance content in the platform (including creating policies, evidence templates, Compliance enable playbooks for our CSMs, security awareness trainings and more) • Close framework gaps and incorporate auditor feedback into both team practice and platform improvements • Partner with product and engineering to translate compliance gaps into structured product work • Collaborate closely with CS, Product, and Founders to align compliance, customer, and roadmap priorities • Deepen relationships with our existing certification partners and train auditors on the Secfix platform so they can confidently use it during customer audits • To be qualified for this role, you must have the following: • German (C1/C2) and English (fluent) is a must for this role • 5+ years of hands‑on information security and GRC experience in B2B SaaS • Led 3+ successful ISO 27001 certification projects as an implementer and/or auditor at a startup or mid-market company • Hands on experience with a GRC platform like Secfix, or similar GRC platforms • Cloud infrastructure readiness across AWS, Azure, and GCP; experience with posture analysis and remediation planning • Strong project management skills with the ability to break down ambiguous initiatives into concrete deliverables, prioritizes ruthlessly, and ships • Excellent written communication, especially in producing clear, precise compliance content for diverse audiences (auditors, founders, engineers) • Strong ownership mindset: operates as a senior individual contributor without waiting for direction • Experience implementing one or two additional compliance frameworks (e.g. SOC 2, GDPR, NIS 2, etc.) • Experience mentoring or coaching colleagues in a compliance, audit, or GRC context • Experience in a startup environment is a plus