*Eindhoven (Hybrid - 3 days/week onsite)* | *Full-time*

Interested in this role? You will find all the relevant information in the description below.

*This is what you tell people at parties*

*“At Sendcloud, we build Europe’s leading shipping automation platform - helping over 25,000 e-commerce businesses grow. I help make sure we can scale fast and safely: keeping our ISO 27001 security program strong, turning security risks into clear decisions, and working with Engineering, Platform, IT, Legal/Privacy and Support to protect our customers, our people, and our business. Security here is a business enabler - not a checkbox.”*

*What you will do in this role*

We’re looking for an *Information Security Officer* who can combine *pragmatic governance* with *hands-on program leadership*. You’ll own our information security program and help ensure our ISO 27001 ISMS stays healthy and audit-ready - while driving real security improvements across the company. This is a role for someone who enjoys building clarity, influencing stakeholders, and making sure important work actually gets done.

You’ll be involved in:

* *Owning our ISO 27001 ISMS (and keeping it always-on) →* internal audits, evidence, management reviews, corrective actions, and external audit readiness
* *Running security risk management that leads to decisions →* maintaining a living risk register, driving mitigations with owners and timelines, and enabling explicit risk acceptance when needed
* *Driving security governance that teams can actually use →* practical policies and standards for access, data handling, vendor risk, and incident response
* *Leading security incident governance →* classification, escalation, post-incident learning loops, and preventing repeats (in partnership with Platform/Engineering/Support)
* *Managing third-party and vendor security risk →* risk tiering, due diligence, and working with Legal on security requirements and ongoing assurance
* *Enabling safe use of AI and agentic workflows →* clear guardrails for AI tooling and automation so we can adopt AI safely without slowing teams down (including visibility on shadow IT/AI in collaboration with IT/Platform)
* *Being at the table for architecture decisions with security impact →* you’ll participate in relevant architecture forums as a required security reviewer (not the decision maker), especially around identity/auth migrations, service-to-service patterns, and high blast-radius platform changes - to help teams catch security implications early and keep delivery moving
* *Reporting and stakeholder alignment →* clear updates to leadership on security posture, top risks, incidents, audit outcomes, and progress

*Our perfect match*

* *3+ (typically 5+) years of relevant experience*, with *proven* *ownership* of an *ISMS/audit cycle* (ISO 27001 or equivalent) and the ability to drive *cross-functional remediation* independently (ideally in SaaS/tech or a fast-paced scale-up). *This is not an entry-level role* - you’ll be expected to lead audits, run risk governance, and influence Engineering leadership (EM to VP)
* Proven experience *operating or significantly contributing to an ISO 27001 ISMS* and driving audit readiness and remediation
* Strong stakeholder management - you can *influence, challenge, and drive follow-through* across Engineering, Product, Platform, IT, and senior leadership
* Pragmatic mindset: you balance security, speed, and customer impact using *risk-based thinking*
* Strong written and verbal communication in English - you can turn complex topics into clear actions and decisions
* A hands-on, ownership mentality: you don’t just write policies - you help make them real

*Nice-to-have*

* Experience preparing for *SOC 2* readiness or similar assurance frameworks
* Familiarity with *AI governance / AI risk management* concepts and modern GenAI risks (or strong curiosity to learn fast)
* Certifications like *CISSP, CISM, CISA, Security+, ISO 27001 Lead Implementer/Auditor* (helpful, not required)
* Experience with vendor security reviews, security questionnaires, and enterprise customer trust requirements

*You share our core values*

*No bullshit*: We value honesty, transparency, and openness. Mistakes are for learning.
*Grow & Win*: Keep learning and improving - from each other, from challenges, and from feedback.
*Have fun*: Be yourself! We work hard together and enjoy the ride as a team.

*What we offer*

* A high-impact role with real ownership and visibility across the company
* The opportunity to shape how Sendcloud scales trust and security in 2026+
* Work closely with Engineering, Platform, IT, Legal/Privacy, Support and leadership - no siloed “security department”
* Support for professional development and relevant certifications
* Flexible hybrid work model + *€500 home office budget*
* *28 holidays* per year (based on full-time) + a free day off around your birthday
* *4-week paid sabbatical* after 3 years at Sendcloud
* *€2,000 annual study budget*
* Access to the Sendcloud gym & weekly Bootcamp and Boxing sessions
* Pension scheme
* Health insurance discount

*All CVs must be submitted in English.*

Job Type: Full-time
Pay: €60.000,00 - €90.000,00 per year
Work Location: In person