Senior Compliance Specialist - Remote Opportunity

About the Role

We are looking for a Senior Compliance Specialist to join our security team in a fully remote capacity. As a Senior Compliance Specialist, you will be responsible for maintaining and continuously improving our compliance posture across key frameworks including ISO 27001, SOC 2, GDPR, C5, and NIST. This role is critical as you will work closely with engineering, legal, and operations teams to ensure our processes, controls, and documentation meet regulatory and customer requirements.

What You'll Do

• Maintain and improve existing ISO 27001, SOC 2, GDPR, C5, and NIST compliance programs.
• Own the audit lifecycle—prepare for, coordinate, and support internal and external audits.
• Maintain and update policies, procedures, and control documentation.
• Monitor regulatory changes and assess their impact on the company.
• Conduct gap analyses and track remediation of compliance findings.
• Work with engineering and DevOps teams to ensure technical controls meet compliance requirements.
• Manage and respond to customer security questionnaires and due diligence requests.
• Conduct risk assessments and maintain the risk register.
• Coordinate with third-party auditors, assessors, and legal counsel.
• Drive compliance awareness across the organization.

Requirements

• 5+ years in information security compliance, GRC, or a related role.
• Hands-on experience maintaining ISO 27001, SOC 2, GDPR, C5, and/or NIST programs.
• Strong understanding of audit processes and control frameworks.
• Experience managing policy and documentation lifecycle.
• Ability to translate compliance requirements into actionable tasks for technical teams.
• Experience handling customer security questionnaires and vendor assessments.
• Solid understanding of risk assessment methodologies.
• Strong written and verbal communication skills in English.
• Located and authorized to work in Germany, UK, or France.

Nice to Have

• Relevant certifications: CISM, CISA, CISSP, ISO 27001 Lead Auditor/Implementer, CDPSE.
• Experience with GRC platforms (Vanta, Drata, Tugboat Logic, or similar).
• Familiarity with cloud security compliance (AWS, GCP, Azure).
• Experience in a SaaS or B2B software company.

What We Offer

• Awarded Best Managed Company of Switzerland by Deloitte in 2024 and 2025.
• Bi-Annual Company Wide Trips (2023 Armenia, 2025 Switzerland, and more to come!).
• Fully Remote Work from either Germany, UK, or France.
• High Flexibility.
• Employee-Focused Culture.
• Innovative and Collaborative Team.
• Great Working Conditions.