Information Security Officer (ISO)

At Sendcloud, we build Europe’s leading shipping automation platform, helping over 25,000 e-commerce businesses grow. In this role, you help make sure the company can scale fast and safely: keeping the ISO 27001 security program strong, turning security risks into clear decisions, and working with Engineering, Platform, IT, Legal/Privacy and Support to protect customers, people, and the business. Security here is a business enabler, not a checkbox.

Information Security Officer (ISO)

This is what you will do in this role 🧐

We’re looking for an Information Security Officer who can combine pragmatic governance with hands-on program leadership. You’ll own our information security program and help ensure our ISO 27001 ISMS stays healthy and audit-ready while driving real security improvements across the company.

This is a role for someone who enjoys building clarity, influencing stakeholders, and making sure important work actually gets done.

You’ll be involved in:

Owning our ISO 27001 ISMS (and keeping it always-on)

• Internal audits, evidence, management reviews, corrective actions, and external audit readiness

Running security risk management that leads to decisions

• Maintaining a living risk register, driving mitigations with owners and timelines, and enabling explicit risk acceptance when needed

Driving security governance that teams can actually use

• Practical policies and standards for access, data handling, vendor risk, and incident response

Leading security incident governance

• Classification, escalation, post-incident learning loops, and preventing repeats in partnership with Platform, Engineering, and Support

Managing third-party and vendor security risk

• Risk tiering, due diligence, and working with Legal on security requirements and ongoing assurance

Enabling safe use of AI and agentic workflows

• Clear guardrails for AI tooling and automation so teams can adopt AI safely without slowing down, including visibility on shadow IT/AI in collaboration with IT and Platform

Being at the table for architecture decisions with security impact

• You’ll participate in relevant architecture forums as a required security reviewer, especially around identity/auth migrations, service-to-service patterns, and high blast-radius platform changes, helping teams catch security implications early and keep delivery moving

Reporting and stakeholder alignment

• Clear updates to leadership on security posture, top risks, incidents, audit outcomes, and progress

Our perfect match 💗

• 3+ (typically 5+) years of relevant experience, with proven ownership of an ISMS/audit cycle (ISO 27001 or equivalent) and the ability to drive cross-functional remediation independently, ideally in SaaS, tech, or a fast-paced scale-up. This is not an entry-level role.
• Proven experience operating or significantly contributing to an ISO 27001 ISMS and driving audit readiness and remediation
• Strong stakeholder management: you can influence, challenge, and drive follow-through across Engineering, Product, Platform, IT, and senior leadership
• Pragmatic mindset: you balance security, speed, and customer impact using risk-based thinking
• Strong written and verbal communication in English: you can turn complex topics into clear actions and decisions
• A hands-on, ownership mentality: you don’t just write policies, you help make them real

Nice-to-have ✨

• Experience preparing for SOC 2 readiness or similar assurance frameworks
• Familiarity with AI governance / AI risk management concepts and modern GenAI risks, or strong curiosity to learn fast
• Certifications like CISSP, CISM, CISA, Security+, ISO 27001 Lead Implementer/Auditor are helpful but not required
• Experience with vendor security reviews, security questionnaires, and enterprise customer trust requirements

You share our core values

💩 No bullshit: We value honesty, transparency, and openness. Mistakes are for learning.
🎯 Grow & Win: Keep learning and improving from each other, from challenges, and from feedback.
🎠 Have fun: Be yourself! We work hard together and enjoy the ride as a team.

What we offer 👋

• A high-impact role with real ownership and visibility across the company
• The opportunity to shape how Sendcloud scales trust and security in 2026+
• Work closely with Engineering, Platform, IT, Legal/Privacy, Support and leadership
• Support for professional development and relevant certifications
• Flexible hybrid work model + €500 home office budget 🏠
• 28 holidays per year based on full-time + a free day off around your birthday 🎉
• 4-week paid sabbatical after 3 years at Sendcloud 🏝️
• €2,000 annual study budget 📚
• Access to the Sendcloud gym and weekly Bootcamp and Boxing sessions 💪
• Pension scheme
• Health insurance discount

All CVs must be submitted in English.