Information Security & Compliance Lead - Remote

About the Role

We are seeking an experienced Information Security & Compliance Lead to take ownership of our organization’s security governance, risk, and compliance programs. This Information Security & Compliance Lead remote role is critical in maintaining our ISO 27001 certification, strengthening our security posture, and ensuring regulatory compliance across all business functions.

What You'll Do

• Drive a culture of security and collaborate closely with internal stakeholders, control owners, and external partners to uphold robust security standards.
• Maintain and continuously improve the ISO 27001 Information Security Management System (ISMS).
• Collaborate with control owners to ensure timely and effective implementation of technical and organizational controls.
• Lead and conduct internal audits, coordinate external audits, and manage audit findings to closure.
• Drive and maintain a risk management process, including risk identification, assessment, treatment, and reporting.
• Own and update security policies, procedures, and awareness programs across the organization.
• Conduct vendor and third-party security assessments (including DPAs and security questionnaires).
• Prepare and deliver risk and compliance reports for the Head of IT and the Board of Directors.
• Monitor changes in relevant laws and regulations (e.g., GDPR, NIS2) and adjust practices accordingly.
• Support incident response planning and exercises in cooperation with technical teams.
• Collaborate with IT, Legal, People & Culture, and other functions to ensure alignment on compliance requirements and initiatives.

Requirements

• Proven experience (3+ years) in Information Security, Risk, or Compliance roles.
• In-depth knowledge of ISO 27001 standards and certification process.
• Experience conducting internal audits and managing external audits.
• Familiarity with frameworks such as NIST, CIS, ITIL, or COBIT.
• Strong understanding of risk management principles, data protection (e.g., GDPR), and regulatory compliance.
• Excellent communication skills with the ability to present to senior management and non-technical stakeholders.
• Ability to work independently, influence others, and drive cross-functional initiatives.
• Experience with GRC tools, vendor assessment platforms, or audit management tools is a plus.
• Relevant certifications such as CISM, CISSP, ISO 27001 Lead Implementer/Auditor, or similar are preferred.

Nice to Have

• Experience in a diverse working environment.
• Familiarity with advanced technologies such as AI and automation.
• Proven track record of driving compliance initiatives.

What We Offer

• A diverse working environment where you can contribute your ideas and potential in the long term.
• Intensive induction and development opportunities for your professional and personal growth.
• Flat hierarchies and an open corporate culture that values teamwork and fun at work.
• Flexible trust-based working hours with mobile office options.
• An attractive salary package including standard benefits (MultiSport, LuxMed, Life Insurance, etc.).
• Company events and team-building activities to enrich everyday working life.
• Support for work-life balance, allowing for flexibility in personal responsibilities.