Information Security Officer – Compliance

Job Description

Lead compliance efforts as the Information Security Officer at our company. Ensure adherence to GDPR, Swiss FADP, and CCPA regulations across all operations. Manage data subject requests and maintain privacy policies. Drive formalization of security controls and coordinate penetration testing. Own the risk register and evaluate security tooling. Prepare the company for ISO 27001 or SOC 2 certification. Collaborate with legal counsel and support sales with compliance documentation. Integrate product-level compliance into engineering workflows.

Qualifications

1. 3-5+ years of experience in information security, data protection, or compliance roles, ideally in a B2B software or SaaS environment. 2. Working knowledge of GDPR and Swiss FADP, including hands-on experience with ROPAs, DPAs, DSR handling, and data transfer mechanisms. 3. Familiarity with security frameworks and controls like ISO 27001, SOC 2, or similar. 4. Ability to build and maintain a risk register and drive risk mitigation across teams. 5. Strong written and verbal communication in English (working language). German is a significant plus. 6. Pragmatic and structured: prioritize effectively for a 50-person company. 7. Comfortable working independently within a supportive environment.

Benefits

- 30 vacation days with flexible scheduling. - Flexible working hours. - Sabbatical leave available after two years of employment. - 16 weeks of parental leave at 100% salary for all new parents. - Pet-friendly Zurich office. - A well-being budget of up to 2,000 CHF annually for training, development, and well-being purposes. - Possibility of a Phantom stock option plan (PSOP). - Hack days for team challenges and innovation.