Posted Oct 3, 2025
Information Security Specialist (German-speaking)
at Secfix
Remote
As an Information Security Specialist, you'll own the security and compliance lifecycle end-to-end, from day-one onboarding through certification and continuous compliance. You'll act as a trusted advisor to startups, scaleups and the German Mittelstand, improve processes, collaborate across teams, and contribute to a new AI product. Aside from the day-to-day work, you'll work closely with our CTO on new AI product features.

Responsibilities
- Own the compliance lifecycle: run onboarding → certification → continuous compliance; scope controls (SoA), drive risk treatment, evidence collection and gap closure; draft customer roadmaps; lead audits to a clean pass as the primary security point of contact.
- Build and automate new internal processes.
- Draft and create security policies and custom security documents, answer security questionnaires, and cross-map controls between frameworks.
- Get onboarded into new regulations or infosec standards as they become relevant.
- Create lists of relevant cloud security hardening tasks for AWS, Azure and GCP.
- Harden the tech stack: assess posture and map controls to AWS/Azure/GCP and Kubernetes/Docker/Terraform; draft new best practices; prioritize actionable remediation with clear timelines.
- Apply deep framework expertise: tailor programs across ISO 27001, SOC 2, NIST and other frameworks, aligning requirements to each customer's environment and objectives.
- Scale delivery and represent Secfix: build and run runbooks, templates, QA and the knowledge base; communicate with executives and, when needed, represent Secfix in select public forums.
- Shape the AI product and platform: turn frontline insights into crisp requirements; partner with Product and Engineering to prioritize and ship features that accelerate evidence collection, controls and remediation.

Requirements
To be qualified for this role, you must have the following:
- German (C1/C2) and fluent English.
- 3+ years of hands-on information security and GRC experience, ideally with Big 4 consulting or in-house audit at a high-growth SaaS company.
- Led 3+ successful ISO 27001 certification projects as an implementer and/or auditor.
- Hands-on experience with a GRC platform (Secfix or a similar platform).
- Cloud infrastructure readiness across AWS, Azure and GCP, with experience in posture analysis and remediation planning.

Bonus
- You have automated internal processes and built your own prototypes or tools for compliance, using code or no-code tools.
- SOC 2 implementation and audit experience.