Information Security Specialist; German-speaking

Information Security Specialist (German‑speaking)

Join to apply for the Information Security Specialist (German‑speaking) role at Secfix.

Remote (CET ±2h) | Fluent German (C1/C2) & English required.

As an Information Security Specialist you will own the security & compliance lifecycle end‑to‑end—from day one onboarding through certification and continuous compliance. You’ll act as a trusted advisor to startups, scale‑ups and German Mittelstand, improve processes, collaborate across teams, and contribute to a new, exciting AI product. This role can be full‑time or contractors (25+ hours per week) in the first few months.

• Own the compliance lifecycle: drive onboarding, certification, continuous compliance, scope controls, risk treatment, evidence and gap closure; draft customer roadmaps; lead audits as the primary security point of contact.
• Harden tech stack: assess posture and map controls to AWS, Azure, GCP, Kubernetes, Docker, Terraform; draft best practices; prioritize actionable remediation with clear timelines.
• Apply deep framework expertise: tailor programs across ISO 27001, SOC 2, NIST and more, aligning requirements to each customer’s environment and objectives.
• Scale delivery & represent Secfix: build runbooks, templates, QA, knowledge base; communicate with executives and represent Secfix in select public forums.
• Shape the AI product & platform: translate frontline insights into requirements; partner with Product and Engineering to prioritize and ship features that accelerate evidence, controls and remediation.

• German (C1/C2) and English (fluent) are required.
• 3+ years of hands‑on information security and GRC experience, ideally with Big 4 consulting or in‑house audit at a high‑growth SaaS.
• Led 3+ successful ISO 27001 certification projects as an implementer and/or auditor.
• Hands‑on experience with a GRC platform such as Secfix or similar.
• Cloud infrastructure readiness across AWS, Azure, GCP; experience with posture analysis and remediation planning.

• Automated internal processes and built compliance prototypes or tools using code or no‑code.
• SOC 2 implementation and audit experience.
• Former DPO experience.

• Lead customer‑side audits end‑to‑end, confidently answering auditor questions under pressure.
• Build and automate new internal processes.
• Draft security policies, custom documents and answer questionnaires, cross‑map controls.
• Get onboarded into a new regulation or infosec standard.
• Create lists of relevant cloud security hardening tasks for AWS, Azure and GCP.

• 100% remote work, enhanced by a virtual office in Gather.
• Flexibility & Autonomy: core hours 10 am–4 pm CET, otherwise trust your productivity.
• Industry‑competitive base salary (local rates at or above the market).
• Generous equity package.
• 26 days holiday + local public holidays.
• Health insurance.
• A personal development budget of €1,000 per year.
• Remote workspace budget and access to co‑working spaces worldwide.
• Annual retreat to build connections and inspire ideas.
• Latest tech equipment (Mac Book, monitors, headphones).
• Company‑wide events to foster collaboration and fun.
• Direct access to world‑class mentors from top VCs and accelerators.
• Support for moving to Germany and visa assistance through Deel.

• 15 min – Intro call with the talent team.
• 30 min – Meet the co‑founder & CTO.
• Take‑home assessment.
• 1.5 hr – Assessment review and interview with the CEO and CISO.
• 45 min – Final “Virtual On‑Site” with the team & co‑founders in Gather.

We are an equal‑opportunity employer and remote‑only company. We can support hiring only within EU time zones and cannot support 100% asynchronous work.

Mid‑Senior level, Full‑time.