Location: Remote

Compensation: offering up to 55K Euro’s per annum.

The Role: Information Security & Compliance Manager

As our first Manager of InfoSec & Compliance, you’ll be the guardian of trust - ensuring we meet the highest standards of data protection, security, and regulatory compliance as we scale globally. You’ll build our compliance framework from the ground up, own enterprise client security reviews, and future-proof our platform for SOC 2, ISO 27001, and global data privacy regulations.

This is a foundational role. You’ll have the autonomy to shape our security posture, define policies, and build the systems that enterprise clients demand.

What You’ll Do

Compliance & Regulatory (40%)

• Own GDPR, CCPA, LGPD, and emerging data privacy regulations across 40+ markets
• Maintain SOC 2 Type II certification (or lead first certification if not yet achieved)
• Prepare for ISO 27001 certification roadmap
• Manage DPIAs (Data Protection Impact Assessments) for new features/markets
• Be the go-to expert for client compliance questionnaires, security reviews, and audits
• Ensure vendor compliance (AWS, payment processors, third-party APIs)

Client Security & Enterprise Sales Enablement (30%)

• Own enterprise client security reviews (infosec questionnaires, pen test reports, architecture reviews)
• Support sales team with security documentation, certifications, and client security calls
• Build & maintain security collateral (security white papers, data flow diagrams, compliance matrices)
• Act as security liaison for enterprise clients (L’Oréal, Unilever, Estée Lauder)
• Negotiate data processing agreements (DPAs) and BAAs

InfoSec Infrastructure & Risk Management (30%)

• Design and implement security policies, procedures, and controls
• Conduct regular risk assessments and threat modeling
• Manage vulnerability management program (pen tests, bug bounties, security scanning)
• Oversee incident response planning and execution
• Drive security awareness training for engineering and ops teams
• Monitor security tools (SIEM, CASB, endpoint protection) and respond to alerts

This is a full time, remote job opportunity.