Description

As an Information Security Compliance Manager, you will oversee the ISO 27001 ISMS and privacy program, ensuring compliance with GDPR and HIPAA. This role involves leading audits, driving corrective actions, and translating security requirements into actionable tasks for the team.

Requirements

• •3–5 years of experience in information security compliance / ISMS / GRC in a tech or SaaS environment
• •Hands-on ownership of an ISO/IEC 27001 ISMS in a certified organization
• •Audit experience in external audits and successful closure of findings
• •Ability to plan/execute internal audits and drive corrective actions
• •Practical GDPR operations experience
• •Comfort working in environments processing health data
• •Solid technical foundation to collaborate with Engineering on controls
• •Excellent English communication skills; German is a plus
• •Pragmatic doer mindset
• •Structured and reliable with strong follow-through
• •Confident stakeholder manager
• •Audit-ready thinking
• •Clear communicator and translator
• •Ownership mentality
• •Based in Europe with European citizenship or active working visa

Tasks

• •Take ownership of the certified ISO 27001 ISMS
• •Maintain and improve the ISO 27001 system with Vanta support
• •Lead internal and external surveillance audits
• •Evolve GDPR setup to include HIPAA requirements
• •Prepare for and support surveillance audits
• •Ensure evidence readiness and stakeholder preparation for audits
• •Drive corrective actions to closure with measurable outcomes
• •Run the internal audit program
• •Align ISO 27001 and GDPR processes for security and privacy governance
• •Expand the privacy program to include HIPAA-related requirements
• •Translate security and privacy requirements into actionable tasks for Engineering and Operations
• •Enhance compliance operations scalability using Vanta
• •Prepare for future SOC 2 and NIST needs

Benefits