Information Security Specialist (German-speaking) jobs in United States

Secfix · 3 months ago

Information Security Specialist (German-speaking)

Secfix is a company focused on building a powerful platform for security compliance, primarily serving clients in the DACH region. The Information Security Specialist will manage the security and compliance lifecycle for customers, acting as a trusted advisor and collaborating with teams to enhance processes and contribute to AI product development.

B2B · Business Development · Cloud Security · Compliance · Cyber Security · Information Technology · Penetration Testing · Small and Medium Businesses

Responsibilities

Own the compliance lifecycle: run onboarding → certification → continuous compliance; scope controls (SoA), drive risk treatment, evidence and gap closure; draft customer roadmaps; lead audits to a clean pass as the primary security point of contact
Harden tech stack: assess posture and map controls to AWS/Azure/GCP, Kubernetes/Docker/Terraform; draft new best practices; prioritize actionable remediation with clear timelines
Apply deep framework expertise: tailor programs across ISO 27001, SOC 2, NIST, and other frameworks, aligning requirements to each customer’s environment and objectives
Scale delivery & represent Secfix: build/run runbooks, templates, QA, and knowledge base; communicate with executives and, when needed, represent Secfix in select public forums
Shape the AI product & platform: turn frontline insights into crisp requirements; partner with Product and Engineering to prioritize and ship features that accelerate evidence, controls, and remediation

Qualification

Information Security · GRC Experience · ISO 27001 Certification · Cloud Infrastructure · AWS · Azure · GCP · German (C1/C2) · Soft Skills

Required

German (C1/C2) and English (fluent) are a must for this role
3+ years of hands‑on information security and GRC experience, ideally with Big 4 consulting or in‑house audit at a high‑growth SaaS
Led 3+ successful ISO 27001 certification projects as an implementer and/or auditor
Hands-on experience with a GRC platform (Secfix or a similar GRC platform)
Cloud infrastructure readiness across AWS, Azure, and GCP; experience with posture analysis and remediation planning

Preferred

You have automated internal processes and built your own prototypes or tools for compliance, using code or no-code tools
SOC 2 implementation and audit experience
You have previously acted as a DPO

Benefits

100% remote work - enhanced by our virtual office in Gather.
Flexibility & Autonomy - we have core hours of 10am - 4pm CET but outside of this we trust you to work wherever/whenever you feel most productive.
Industry-competitive base salary. We pay local rates that are at or above the market. We share this philosophy with GitLab.
Generous equity package: we’re all owners of Secfix and benefit from our collective success.
26 days holiday, in addition to local Public Holidays.
Health Insurance.
A Personal Development Budget of 1,000 EUR per year - available for whatever you wish to support your health and fitness, mental health, and learning & development.
Remote workspace budget to enhance your home office, and access to co-working spaces around the world should you need it.
Annual retreat to build connections and inspire ideas - last year we headed to Portugal, this year we’ll be in Milan!
Receive the latest tech equipment (MacBook, monitors, headphones).
Company-Wide Events to foster collaboration, learn from each other and have some fun.
We are backed by top VCs and accelerators. Get direct access to world-class mentors.
Secfix is run by international founders in Germany. We can help you move to Germany and get a visa or just hire you locally with our partner Deel. And we have a track record! Our Customer Success Manager moved to Germany from Brazil and our Account Executive from LA.
Have more ideas for perks? You can make them a reality at Secfix 🙂.

Company

Secfix

The fast and easy way to get ISO 27001, GDPR, TISAX and SOC 2 compliant | Compliance & Security Automation

Funding

Current Stage: Early Stage
Total Funding: $4.5M
Key Investors: Octopus Ventures
2023-03-01 · Seed · $3.8M
2021-07-30 · Pre Seed · $0.7M

Leadership Team

Chris Stylianidou
Founding Engineer
Company data provided by crunchbase