Information Security Officer (ISO), Eindhoven
5600 Eindhoven, Netherlands
Modified: yesterday
Ad text
Security & IT
Information Security Officer (ISO)
This is what you tell people at parties
“At Sendcloud, we build Europe’s leading shipping automation platform - helping over 25,000 e-commerce businesses grow. I help make sure we can scale fast and safely: keeping our ISO 27001 security program strong, turning security risks into clear decisions, and working with Engineering, Platform, IT, Legal/Privacy and Support to protect our customers, our people, and our business. Security here is a business enabler - not a checkbox.”
What you will do in this role
We’re looking for an Information Security Officer who can combine pragmatic governance with hands‑on program leadership. You’ll own our information security program and help ensure our ISO 27001 ISMS stays healthy and audit‑ready while driving real security improvements across the company.
This is a role for someone who enjoys building clarity, influencing stakeholders, and making sure important work actually gets done.
You’ll be involved in:
Owning our ISO 27001 ISMS (and keeping it always‑on) → internal audits, evidence, management reviews, corrective actions, and external audit readiness
Running security risk management that leads to decisions → maintaining a living risk register, driving mitigations with owners and timelines, and enabling explicit risk acceptance when needed
Driving security governance that teams can actually use → practical policies and standards for access, data handling, vendor risk, and incident response
Leading security incident governance → classification, escalation, post‑incident learning loops, and preventing repeats (in partnership with Platform/Engineering/Support)
Managing third‑party and vendor security risk → risk tiering, due diligence, and working with Legal on security requirements and ongoing assurance
Enabling safe use of AI and agentic workflows → clear guardrails for AI tooling and automation so we can adopt AI safely without slowing teams down (including visibility on shadow IT/AI in collaboration with IT/Platform)
Being at the table for architecture decisions with security impact → you’ll participate in relevant architecture forums as a required security reviewer (not the decision maker), especially around identity/auth migrations, service‑to‑service patterns, and high blast‑radius platform changes - to help teams catch security implications early and keep delivery moving
Reporting and stakeholder alignment → clear updates to leadership on security posture, top risks, incidents, audit outcomes, and progress
Our perfect match
3+ (typically 5+) years of relevant experience, with proven ownership of an ISMS/audit cycle (ISO 27001 or equivalent) and the ability to drive cross‑functional remediation independently (ideally in SaaS/tech or a fast‑paced scale‑up). This is not an entry‑level role - you’ll be expected to lead audits, run risk governance, and influence Engineering leadership (EM to VP)
Proven experience operating or significantly contributing to an ISO 27001 ISMS and driving audit readiness and remediation
Strong stakeholder management - you can influence, challenge, and drive follow‑through across Engineering, Product, Platform, IT, and senior leadership
Pragmatic mindset: you balance security, speed, and customer impact using risk‑based thinking
Strong written and verbal communication in English - you can turn complex topics into clear actions and decisions
A hands‑on, ownership mentality: you don’t just write policies - you help make them real
Nice‑to‑have ✨
Experience preparing for SOC 2 readiness or similar assurance frameworks
Familiarity with AI governance / AI risk management concepts and modern GenAI risks (or strong curiosity to learn fast)
Certifications like CISSP, CISM, CISA, Security+, ISO 27001 Lead Implementer/Auditor (helpful, not required)
Experience with vendor security reviews, security questionnaires, and enterprise customer trust requirements
You share our core values
No bullshit: We value honesty, transparency, and openness. Mistakes are for learning.
Grow & Win: Keep learning and improving - from each other, from challenges, and from feedback.
Have fun: Be yourself! We work hard together and enjoy the ride as a team.
What we offer
A high‑impact role with real ownership and visibility across the company
The opportunity to shape how Sendcloud scales trust and security in 2026+
Work closely with Engineering, Platform, IT, Legal/Privacy, Support and leadership - no siloed “security department”
Support for professional development and relevant certifications
Flexible hybrid work model + €500 home office budget
28 holidays per year (based on full‑time) + a free day off around your birthday
4‑week paid sabbatical after 3 years at Sendcloud
€2,000 annual study budget
Access to the Sendcloud gym & weekly Bootcamp and Boxing sessions
Pension scheme
Health insurance discount
All CVs must be submitted in English.
Key information
Company name: SendCloud
Position: Information Security Officer (ISO)
More information about this ad
Information Security Officer (ISO) is posted in the Eindhoven services category on Locanto.