Principal Information Security Manager
<div class="content-intro"><h3><strong>About Staffbase</strong></h3>
<p>We inspire people to achieve great things together. Our mission is to help organizations unlock the power of inspirational communication with the first <strong>AI-native Employee Experience Platform</strong>. Our <strong>industry-leading and award-winning agentic AI communications channels</strong> - intranet, employee app and email solutions - create engaging experiences that connect and empower employees.</p>
<p>Headquartered in Chemnitz, Germany and New York City, with offices in Berlin, London, Sydney, Tokyo, Prague, and Minneapolis–St. Paul, our diverse team of 750+ employees supports 2,000+ customers—reaching over 16.4 million employees—in transforming their employee experience.<br>We are proud to be a <strong data-stringify-type="bold">Unicorn</strong> company—privately valued at over $1 billion—demonstrating strong growth, innovation, and lasting impact in our industry. Together, we’re shaping the future of workplace communication.</p></div><p><span style="font-family: arial, helvetica, sans-serif; font-size: 14pt;">Our information security program is fit for purpose and operationally sound. The next chapter is about making it investor-ready, AI-efficient, and capable of sustaining enterprise customer trust at scale.</span></p>
<p><span style="font-family: arial, helvetica, sans-serif;"><span style="font-size: 14pt;">This is not a build-from-scratch role. It is a step up in maturity: fewer manual processes and sharper governance.<br><br></span><span style="font-size: 14pt;">The position sits at the center of the InfoSec team; you coordinate across teams, own outcomes and represent the function. You are comfortable being the person customers and auditors talk to. <br><br></span><span style="font-size: 14pt;">You think in programs and systems, not tasks. You identify where manual effort can be replaced by tooling or AI-assisted workflows, and are empowered to drive that change as we build out our AI-driven operating model across the company.</span></span></p>
<p><span style="font-family: arial, helvetica, sans-serif; font-size: 14pt;"><strong>What you’ll be doing</strong></span></p>
<p><span style="font-family: arial, helvetica, sans-serif; font-size: 14pt;">You will act as the senior deputy for InfoSec within our Finance & Operations department, owning the function day-to-day, representing it internally and externally, and making it run with less friction and more intelligence.</span></p>
<p><span style="font-family: arial, helvetica, sans-serif; font-size: 14pt;">You report directly to the SVP Business Operations & Transformation and work closely with Legal, Procurement, Engineering, external auditors and enterprise customers.<br><br>You will own:</span></p>
<p><span style="font-family: arial, helvetica, sans-serif; font-size: 14pt;"><strong>Compliance & Audit</strong></span></p>
<ul>
<li style="font-family: arial, helvetica, sans-serif; font-size: 14pt;"><span style="font-family: arial, helvetica, sans-serif;"><span style="font-size: 14pt;">Lead ISO 27001 and SOC 2 audit cycles end-to-end: preparation, evidence collection, auditor management, and findings remediation</span></span></li>
<li style="font-family: arial, helvetica, sans-serif; font-size: 14pt;"><span style="font-family: arial, helvetica, sans-serif; font-size: 14pt;">Own the control framework and ensure it stays current as the business evolves</span></li>
<li style="font-family: arial, helvetica, sans-serif; font-size: 14pt;"><span style="font-family: arial, helvetica, sans-serif; font-size: 14pt;">Prepare the InfoSec program for investor and M&A due diligence scrutiny</span></li>
</ul>
<p><span style="font-family: arial, helvetica, sans-serif; font-size: 14pt;"><strong>Customer Trust</strong></span></p>
<ul>
<li style="font-family: arial, helvetica, sans-serif; font-size: 14pt;"><span style="font-family: arial, helvetica, sans-serif; font-size: 14pt;">Own the response to enterprise customer security questionnaires and RFPs</span></li>
<li style="font-family: arial, helvetica, sans-serif; font-size: 14pt;"><span style="font-family: arial, helvetica, sans-serif; font-size: 14pt;">Represent Staffbase credibly in customer security reviews, calls, and audits</span></li>
<li style="font-family: arial, helvetica, sans-serif; font-size: 14pt;"><span style="font-family: arial, helvetica, sans-serif; font-size: 14pt;">Build scalable approaches (automation, templates, knowledge base) to reduce response time without sacrificing quality</span></li>
</ul>
<p><span style="font-family: arial, helvetica, sans-serif; font-size: 14pt;"><strong>Risk & Vendor Security</strong></span></p>
<ul>
<li style="font-family: arial, helvetica, sans-serif; font-size: 14pt;"><span style="font-family: arial, helvetica, sans-serif; font-size: 14pt;">Maintain the risk register and drive risk treatment decisions with relevant stakeholders</span></li>
<li style="font-family: arial, helvetica, sans-serif; font-size: 14pt;"><span style="font-family: arial, helvetica, sans-serif; font-size: 14pt;">Own vendor security assessments for critical and high-risk suppliers</span></li>
<li style="font-family: arial, helvetica, sans-serif; font-size: 14pt;"><span style="font-family: arial, helvetica, sans-serif;"><span style="font-size: 14pt;">Partner with Procurement and Legal on AI-assisted review workflows</span></span></li>
</ul>
<p><span style="font-family: arial, helvetica, sans-serif; font-size: 14pt;"><strong>Policy & Awareness</strong></span></p>
<ul>
<li style="font-family: arial, helvetica, sans-serif; font-size: 14pt;"><span style="font-family: arial, helvetica, sans-serif; font-size: 14pt;">Own the internal security policy framework and keep it current, understandable, and enforced</span></li>
<li style="font-family: arial, helvetica, sans-serif; font-size: 14pt;"><span style="font-family: arial, helvetica, sans-serif; font-size: 14pt;">Design and run security awareness programs that change behaviour, not just tick boxes</span></li>
</ul>
<p><span style="font-family: arial, helvetica, sans-serif; font-size: 14pt;"><strong>Incident Response</strong></span></p>
<ul>
<li style="font-family: arial, helvetica, sans-serif; font-size: 14pt;"><span style="font-family: arial, helvetica, sans-serif; font-size: 14pt;">Own the incident response plan and lead execution when incidents occur</span></li>
<li style="font-family: arial, helvetica, sans-serif; font-size: 14pt;"><span style="font-family: arial, helvetica, sans-serif; font-size: 14pt;">Coordinate with Engineering, Legal, and leadership during incidents</span></li>
<li style="font-family: arial, helvetica, sans-serif; font-size: 14pt;"><span style="font-family: arial, helvetica, sans-serif; font-size: 14pt;">Drive post-incident reviews and close findings with owners</span></li>
</ul>
<p><span style="font-family: arial, helvetica, sans-serif; font-size: 14pt;"><strong>What you need to be successful </strong></span></p>
<p><span style="font-family: arial, helvetica, sans-serif; font-size: 14pt;"><strong>Essential Experience</strong></span></p>
<ul class="ul1">
<li class="li1" style="font-family: arial, helvetica, sans-serif; font-size: 14pt;"><span style="font-family: arial, helvetica, sans-serif; font-size: 14pt;">5+ years of hands-on InfoSec experience in a SaaS or B2B tech company</span></li>
<li class="li1" style="font-family: arial, helvetica, sans-serif; font-size: 14pt;"><span style="font-family: arial, helvetica, sans-serif; font-size: 14pt;">Proven ownership of ISO 27001 and/or SOC 2 programs</span></li>
<li class="li1" style="font-family: arial, helvetica, sans-serif; font-size: 14pt;"><span style="font-family: arial, helvetica, sans-serif; font-size: 14pt;">Track record of representing InfoSec to enterprise customers, including security reviews and escalations</span></li>
<li class="li1" style="font-family: arial, helvetica, sans-serif; font-size: 14pt;"><span style="font-family: arial, helvetica, sans-serif; font-size: 14pt;">Fluent in German and English</span></li>
<li class="li1" style="font-family: arial, helvetica, sans-serif; font-size: 14pt;"><span style="font-family: arial, helvetica, sans-serif; font-size: 14pt;">Comfortable with AI-driven tooling; actively looks for automation opportunities in compliance and operations</span></li>
</ul>
<p class="p1"><span style="font-family: arial, helvetica, sans-serif; font-size: 14pt;"><strong>Highly Desirable</strong></span></p>
<ul class="ul1">
<li class="li1" style="font-family: arial, helvetica, sans-serif; font-size: 14pt;"><span style="font-family: arial, helvetica, sans-serif; font-size: 14pt;">Experience supporting or preparing for M&A or investor due diligence processes</span></li>
<li class="li1" style="font-family: arial, helvetica, sans-serif; font-size: 14pt;"><span style="font-family: arial, helvetica, sans-serif; font-size: 14pt;">Background working alongside Legal, Procurement, and Engineering</span></li>
<li class="li1" style="font-family: arial, helvetica, sans-serif; font-size: 14pt;"><span style="font-family: arial, helvetica, sans-serif; font-size: 14pt;">Practical understanding of cloud security architecture (enough to challenge and validate, not operate)</span></li>
<li class="li1" style="font-family: arial, helvetica, sans-serif; font-size: 14pt;"><span style="font-family: arial, helvetica, sans-serif; font-size: 14pt;">Relevant certification: CISM, CISSP, ISO 27001 Lead Auditor/Implementer, or equivalent. Certification matters less than what you have built</span></li>
</ul>
<p><span style="font-family: arial, helvetica, sans-serif; font-size: 14pt;"><strong>What you'll get </strong></span></p>
<ul>
<li style="font-family: arial, helvetica, sans-serif; font-size: 14pt;"><span style="font-family: arial, helvetica, sans-serif;"><em>Competitive Compensation</em> - we offer attractive salary packages including LTIP (unit-based Long Term Incentive Plan)</spa