Information Security Specialist (German-speaking)

RxREVU, Inc.

Remote

EUR 60.000 - 80.000

Full-time

Today

Summary

A leading cybersecurity firm is seeking an Information Security Specialist to support clients in the DACH region. This role offers ownership of the compliance lifecycle, guidance in security and compliance matters, and the chance to contribute to innovative AI product features. Applicants should be fluent in both German and English and have significant experience in GRC processes and security frameworks. This position is 100% remote and provides generous benefits including equity and a development budget.

Benefits

100% remote work
Competitive salary
Generous equity
26 days holiday plus local public holidays
Health insurance
Personal development budget of 1,000 EUR per year
Annual retreat
Latest tech equipment
Company-wide events and mentorship opportunities

Qualifications

  • 3+ years of hands-on information security and GRC experience, ideally with Big 4 or in-house audit.
  • Led 3+ ISO 27001 certification projects as implementer and/or auditor.
  • Hands-on experience with a GRC platform (Secfix or similar).

Responsibilities

  • Own the compliance lifecycle: onboarding, certification, continuous compliance.
  • Harden tech stack and assess posture against various cloud environments.
  • Shape the AI product by translating frontline insights into product requirements.

Skills

Fluent German (C1/C2)
Fluent English
Information security experience
GRC expertise
Cloud readiness

Tools

GRC platform
AWS
Azure
GCP

Job description

Overview

Remote (CET 2h) | Fluent German (C1/C2) & English required. Note: While we prefer a full-time commitment, this role is also available for contractors at 25+ hours per week in the first months.

Our customers are at the heart of everything we do at Secfix. We are looking for an Information Security Specialist to support customers from the DACH region. You will own the security and compliance lifecycle end-to-end from day 1 onboarding through certification and continuous compliance. You will act as a trusted advisor to startups, scaleups and German Mittelstand, improve processes, collaborate across teams, and contribute to a new AI product. You will receive generous equity and benefits, a 100% remote environment, and the chance to grow with a smart, fun, dedicated team.

About Secfix

Secfix is building a platform that makes security compliance fast and stress-free for growing companies in Europe. We have helped dozens of startups and scaleups in the DACH region get audit-ready quickly and are growing.

We are backed by top VCs and founders from unicorns, with a lean team of 20 and growing.

What you’ll do

The Information Security Specialist at Secfix is part vCISO, part account manager. You will work with customers from start to finish to assess their current security and compliance framework, provide guidance and recommendations, help implement improvements, and act as their auditor liaison. You will work closely with our CTO on AI product features.

  • Own the compliance lifecycle: onboarding, certification, continuous compliance, scope controls (SoA), risk treatment, evidence and gap closure, draft customer roadmaps, lead audits as the primary security point of contact
  • Harden tech stack: assess posture and map controls to AWS/Azure/GCP, Kubernetes/Docker/Terraform; draft best practices; prioritize actionable remediation with timelines
  • Apply deep framework expertise: tailor programs across ISO 27001, SOC 2, NIST, and more frameworks, aligning requirements to customer environments
  • Scale delivery & represent Secfix: build/run runbooks, templates, QA, and knowledge base; communicate with executives and represent Secfix in select public forums
  • Shape the AI product & platform: turn frontline insights into requirements; partner with Product and Engineering to prioritize and ship features that accelerate evidence, controls, and remediation

Qualifications

  • German (C1/C2) and English (fluent) required
  • 3+ years of hands-on information security and GRC experience, ideally with Big 4 or in-house audit in high-growth SaaS
  • Led 3+ ISO 27001 certification projects as implementer and/or auditor
  • Hands-on experience with a GRC platform (Secfix or similar)
  • Cloud readiness across AWS, Azure, and GCP; experience with posture analysis and remediation planning

Bonus

  • Automated internal processes or built prototypes/tools for compliance, with code or no-code
  • SOC 2 implementation and audit experience
  • Experience as DPO

Consider this role if

  • Do not lead customer-side audits end-to-end or struggle with documenting controls; do not draft security policies or answer security questionnaires
  • Prefer not to onboard into new regulations or infosec standards
  • Cannot create cloud security hardening task lists for AWS, Azure and GCP

Benefits

  • 100% remote work with a virtual office in Gather
  • Autonomy with core hours 10am–4pm CET; flexible outside core hours
  • Competitive local salary
  • Generous equity
  • 26 days holiday plus local public holidays
  • Health insurance
  • Personal development budget of 1,000 EUR per year
  • Remote workspace budget and access to co-working spaces
  • Annual retreat (this year in Milan)
  • Latest tech equipment
  • Company-wide events and mentorship opportunities

Interview Process

  • 15 min – Intro call with talent team
  • 30 min – Meet co-founder & CTO
  • Take-home assessment
  • 1.5 hr – Assessment review and interview with CEO and CISO
  • 45 min – Final virtual on-site in Gather

What we offer

  • Remote work: 100% remote with a Gather virtual office
  • Competitive salary, local rates at or above market
  • Equity: generous equity package
  • Holidays: 26 days plus local holidays
  • Health insurance
  • Development budget: 1,000 EUR per year
  • Workspace budget and access to co-working spaces
  • Annual retreat
  • Tech equipment: latest gear
  • Company events and mentorship opportunities

Please note: We are an equal-opportunity employer and remote-only company. We hire within EU time zones. We use Gather as our virtual office and maintain a synchronized communication approach.
