Compliance & Information Security Manager

About

If you are a compliance and security professional with SaaS B2B experience, join us to co-create the future of Corporate Open Innovation!

Responsibilities

   •    Manage vendor security processes, including completing security questionnaires(IT checks) and incorporating security language into contractual agreements.
    •    Develop and maintain policies and guidelines regarding information security and compliance.
    •    Manage our security and compliance activities, such as our TISAX recertification and annual penetration testing.
    •    Act as the central point of contact regarding security and compliance with the Product, Law consultants, and Clients' IT teams.
    •    Help Product leadership articulate security and compliance requirements when evaluating third-party products.
    •    Take a pragmatic approach to balance security best practices with business needs.
    •    Develop, implement, review, and assess the Information Security Management System (ISMS) for compliance and effectiveness, ensuring alignment with regulatory requirements and market demands (including a security strategy, roadmap, policies, procedures, guidelines, and controls).

Your profile

    •  Ability to conduct threat and risk assessments and help the Product grow while covering minimal pragmatic requirements.
    • German speaker - Highly preferable
    • Knowledge and experience designing controls and processes for TISAX and/or ISO 27001 requirements.
    • Hands-on experience with information security, particularly in cloud-based environments(AWS, Azure, or GCP).
    • A strong understanding of privacy requirements (GDPR).
    • Experience working with developer and product teams to improve security processes and integrate security tooling.
    • Experience managing and completing incoming vendor security reviews and collaborating with legal and procurement teams on contractual agreements.
    • Sufficient technical competence to understand relevant concepts and support ongoing projects and technology efforts.
    • Excellent interpersonal skills to communicate complex technical concepts to various stakeholders.
    • High professional standards and strong attention to detail.