This role is responsible for leading and evolving the organization's information security posture. You will maintain and enhance the ISO/IEC 27001:2022-compliant Information Security Management System (ISMS), ensuring alignment with GDPR, NIST CSF, and NIS2 principles. Your work will center on strengthening policies, managing risk, and driving continuous compliance through audits, assessments, and certification cycles.
Key Responsibilities
- Lead internal security audits, risk evaluations, and renewal processes for compliance certifications
- Update and enforce security controls and policies across technical and operational domains
- Manage security integrations and alerting workflows in Datadog SIEM, CrowdStrike, Cloudflare, and Google Workspace
- Support deployment and monitoring of Data Loss Prevention (DLP) systems and track security events centrally
- Investigate security incidents including phishing attempts, unauthorized access, and data exposure
- Collect and analyze digital evidence from endpoint, network, and cloud platforms
- Refine incident response procedures and escalation paths, and deliver post-event reports with actionable recommendations
- Collaborate with HR, Legal, and IT during internal investigations requiring cross-functional coordination
- Oversee endpoint security through MDM solutions including Zoho MDM and Endpoint Central, with a focus on macOS compliance
- Enforce secure access practices including SSO, MFA, and Just-in-Time privilege elevation across all systems
- Conduct regular access reviews, including Quarterly RAS assessments, to maintain strict access governance
- Ensure CrowdStrike Falcon configurations are optimized and endpoint protection remains effective
Qualifications
You bring at least three years of experience in information security, IT audit, or digital forensics. Familiarity with ISO 27001, GDPR, and modern security frameworks is essential. You have hands-on experience with SIEM and EDR tools, and a proven ability to manage SSO, MFA, DLP, and MDM environments. Strong written and verbal communication skills in English (B2 or higher) are required, along with a detail-oriented and ethical approach to risk and compliance.
Preferred qualifications include certifications such as CISSP, CISM, CEH, ISO 27001 Lead Auditor, or AWS Security Specialty. Experience with Zero Trust architectures, Privileged Access Management (PAM), CASB/DLP solutions, SOAR platforms, or digital forensics is highly valued. Prior work in security awareness training or phishing simulation exercises is a plus.
Work Environment
This position supports a flexible work model with remote capabilities and adaptable scheduling. You will operate within a collaborative, security-focused culture that values compliance, resilience, and ongoing professional growth. The role works closely with senior technical leadership, including the CTO, Head of IT, and DevOps teams, to align security initiatives with business objectives.
Compensation & Benefits
- Competitive base salary in EUR, reviewed annually based on performance
- Transparent quarterly bonus structure
- Flexible and remote work options
- Comprehensive medical insurance for employee and partner
- Financial support for major life events
- Unlimited paid vacation and sick leave
- Reimbursement for professional development, certifications, and training
