Information Security Specialist (German-speaking)

TL;DR

Information Security Specialist (German-speaking): Owning the security & compliance lifecycle end-to-end, acting as a trusted advisor to growing companies, and contributing to an AI product, with an accent on driving risk treatment, evidence, gap closure, and leading audits. Focus on tailoring programs across various frameworks (ISO 27001, SOC 2, NIST), hardening tech stacks (AWS/Azure/GCP/Kubernetes/Docker/Terraform), and shaping AI product features for accelerated compliance.

Location: Remote (CET ±2h) within EU time zones. Relocation assistance to Germany available.

Company

hirify.global is building a powerful platform that makes security compliance fast and stress-free for growing companies in Europe, backed by top VCs.

What you will do

• Own the compliance lifecycle: run onboarding, certification, and continuous compliance, including scoping controls, driving risk treatment, evidence, gap closure, drafting roadmaps, and leading audits.
• Harden tech stacks: assess security posture and map controls to AWS/Azure/GCP, Kubernetes/Docker/Terraform, draft new best practices, and prioritize actionable remediation.
• Apply deep framework expertise: tailor security programs across ISO 27001, SOC 2, NIST, and other frameworks to each customer’s environment and objectives.
• Scale delivery & represent hirify.global: build/run runbooks, templates, QA, and knowledge base, communicate with executives, and represent hirify.global in public forums when needed.
• Shape the AI product & platform: translate frontline insights into crisp requirements and partner with Product and Engineering to prioritize and ship features.

Requirements

• German (C1/C2) and English (fluent) is a must for this role.
• 3+ years of hands-on information security and GRC experience, ideally with Big 4 consulting or in-house audit at a high-growth SaaS.
• Led 3+ successful ISO 27001 certification projects as an implementer and/or auditor.
• Hands-on experience with a GRC platform (hirify.global or similar).
• Cloud infrastructure readiness across AWS, Azure, and GCP, with experience in posture analysis and remediation planning.

Nice to have

• Automated internal processes or built own prototypes/tools for compliance with code or no-code tools.
• SOC 2 implementation and audit experience.
• Acted as a DPO before.

Culture & Benefits

• 100% remote work (CET ±2h) with core hours (10am - 4pm CET) using Gather as a virtual office.
• Industry-competitive local salaries with a generous equity package.
• 26 days holiday, in addition to local Public Holidays.
• Comprehensive health insurance.
• €1,000 annual personal development budget.
• Remote workspace budget and access to co-working spaces around the world.
• Annual company retreat to build connections and inspire ideas (e.g., Milan this year).
• Receive the latest tech equipment (MacBook, monitors, headphones).
• Direct access to world-class mentors from top VCs and accelerators.

Hiring process

• 15-minute Intro call with talent team.
• 30-minute meeting with co-founder & CTO.
• Complete a take-home assessment.
• 1.5-hour assessment review and interview with CEO and CISO.
• 45-minute final "Virtual On-Site" with team & Co-Founders in Gather.