Information Security Officer (ISO)
<p style="text-align: center;">📍 <strong>Eindhoven (Hybrid - 3 days/week onsite)</strong> | <strong>Full-time<br><br></strong></p>
<h3><strong>This is what you tell people at parties 👋</strong></h3>
<p>“At Sendcloud, we build Europe’s leading shipping automation platform - helping over 25,000 e-commerce businesses grow. I help make sure we can scale fast and safely: keeping our ISO 27001 security program strong, turning security risks into clear decisions, and working with Engineering, Platform, IT, Legal/Privacy and Support to protect our customers, our people, and our business. Security here is a business enabler - not a checkbox.”</p>
<h3><strong>What you will do in this role 🧐</strong></h3>
<p>We’re looking for an <strong>Information Security Officer</strong> who can combine <strong>pragmatic governance</strong> with <strong>hands-on program leadership</strong>. You’ll own our information security program and help ensure our ISO 27001 ISMS stays healthy and audit-ready - while driving real security improvements across the company.</p>
<p>This is a role for someone who enjoys building clarity, influencing stakeholders, and making sure important work actually gets done.</p>
<p>You’ll be involved in:</p>
<p><strong>Owning our ISO 27001 ISMS (and keeping it always-on) →</strong> internal audits, evidence, management reviews, corrective actions, and external audit readiness</p>
<p><strong>Running security risk management that leads to decisions →</strong> maintaining a living risk register, driving mitigations with owners and timelines, and enabling explicit risk acceptance when needed</p>
<p><strong>Driving security governance that teams can actually use →</strong> practical policies and standards for access, data handling, vendor risk, and incident response</p>
<p><strong>Leading security incident governance →</strong> classification, escalation, post-incident learning loops, and preventing repeats (in partnership with Platform/Engineering/Support)</p>
<p><strong>Managing third-party and vendor security risk →</strong> risk tiering, due diligence, and working with Legal on security requirements and ongoing assurance</p>
<p><strong>Enabling safe use of AI and agentic workflows →</strong> clear guardrails for AI tooling and automation so we can adopt AI safely without slowing teams down (including visibility on shadow IT/AI in collaboration with IT/Platform)</p>
<p><strong>Being at the table for architecture decisions with security impact →</strong> you’ll participate in relevant architecture forums as a required security reviewer (not the decision maker), especially around identity/auth migrations, service-to-service patterns, and high blast-radius platform changes - to help teams catch security implications early and keep delivery moving</p>
<p><strong>Reporting and stakeholder alignment →</strong> clear updates to leadership on security posture, top risks, incidents, audit outcomes, and progress</p>
<h3><strong>Our perfect match 💗</strong></h3>
<ul>
<li><strong>3+ (typically 5+) years of relevant experience</strong>, with <strong>proven ownership</strong> of an <strong>ISMS/audit cycle</strong> (ISO 27001 or equivalent) and the ability to drive <strong>cross-functional remediation</strong> independently (ideally in SaaS/tech or a fast-paced scale-up). <strong>This is not an entry-level role</strong> - you’ll be expected to lead audits, run risk governance, and influence Engineering leadership (EM to VP)</li>
<li>Proven experience <strong>operating or significantly contributing to an ISO 27001 ISMS</strong> and driving audit readiness and remediation</li>
<li>Strong stakeholder management - you can <strong>influence, challenge, and drive follow-through</strong> across Engineering, Product, Platform, IT, and senior leadership</li>
<li>Pragmatic mindset: you balance security, speed, and customer impact using <strong>risk-based thinking</strong></li>
<li>Strong written and verbal communication in English - you can turn complex topics into clear actions and decisions</li>
<li>A hands-on, ownership mentality: you don’t just write policies - you help make them real<br><br></li>
</ul>
<h3><strong>Nice-to-have ✨</strong></h3>
<ul>
<li>Experience preparing for <strong>SOC 2</strong> readiness or similar assurance frameworks</li>
<li>Familiarity with <strong>AI governance / AI risk management</strong> concepts and modern GenAI risks (or strong curiosity to learn fast)</li>
<li>Certifications like <strong>CISSP, CISM, CISA, Security+, ISO 27001 Lead Implementer/Auditor</strong> (helpful, not required)</li>
<li>Experience with vendor security reviews, security questionnaires, and enterprise customer trust requirements</li>
</ul>
<h3><strong>You share our core values</strong></h3>
<p>💩 <strong>No bullshit</strong>: We value honesty, transparency, and openness. Mistakes are for learning.<br>🎯 <strong>Grow & Win</strong>: Keep learning and improving - from each other, from challenges, and from feedback.<br>🎠 <strong>Have fun</strong>: Be yourself! We work hard together and enjoy the ride as a team.</p>
<h3><strong>What we offer 👋</strong></h3>
<ul>
<li>A high-impact role with real ownership and visibility across the company</li>
<li>The opportunity to shape how Sendcloud scales trust and security in 2026+</li>
<li>Work closely with Engineering, Platform, IT, Legal/Privacy, Support and leadership - no siloed “security department”</li>
<li>Support for professional development and relevant certifications</li>
<li>Flexible hybrid work model + <strong>€500 home office budget</strong> 🏠</li>
<li><strong>28 holidays</strong> per year (based on full-time) + a free day off around your birthday 🎉</li>
<li><strong>4-week paid sabbatical</strong> after 3 years at Sendcloud 🏝️</li>
<li><strong>€2,000 annual study budget</strong> 📚</li>
<li>Access to the Sendcloud gym & weekly Bootcamp and Boxing sessions 💪</li>
<li>Pension scheme</li>
<li>Health insurance discount<br><br></li>
</ul>
<p><strong>All CVs must be submitted in English.</strong></p>