Information Security Officer, Eindhoven

At Sendcloud, we build Europe’s leading shipping automation platform – helping over 25,000 e‑commerce businesses grow. I help make sure we can scale fast and safely: keeping our ISO 27001 security program strong, turning security risks into clear decisions, and working with Engineering, Platform, IT, Legal/Privacy and Support to protect our customers, our people, and our business. Security here is a business enabler – not a checkbox.

What you will do in this role

Owning our ISO 27001 ISMS (and keeping it always‑on): internal audits, evidence, management reviews, corrective actions, and external audit readiness.

Running security risk management that leads to decisions: maintaining a living risk register, driving mitigations with owners and timelines, and enabling explicit risk acceptance when needed.

Driving security governance that teams can actually use: practical policies and standards for access, data handling, vendor risk, and incident response.

Leading security incident governance: classification, escalation, post‑incident learning loops, and preventing repeats (in partnership with Platform, Engineering, and Support).

Managing third‑party and vendor security risk: risk tiering, due diligence, and working with Legal on security requirements and ongoing assurance.

Enabling safe use of AI and agentic workflows: clear guardrails for AI tooling and automation so we can adopt AI safely without slowing teams down (including visibility on shadow IT/AI in collaboration with IT/Platform).

Being at the table for architecture decisions with security impact: you’ll participate in relevant architecture forums as a required security reviewer (not the decision maker), especially around identity/auth migrations, service‑to‑service patterns, and high blast‑radius platform changes – to help teams catch security implications early and keep delivery moving.

Reporting and stakeholder alignment: clear updates to leadership on security posture, top risks, incidents, audit outcomes, and progress.

Qualifications

3+ (typically 5+) years of relevant experience, with proven ownership of an ISMS/audit cycle (ISO 27001 or equivalent) and the ability to drive cross‑functional remediation independently (ideally in SaaS/tech or a fast‑paced scale‑up). This is not an entry‑level role – you’ll be expected to lead audits, run risk governance, and influence Engineering leadership (EM to VP).

Proven experience operating or significantly contributing to an ISO 27001 ISMS and driving audit readiness and remediation.

Strong stakeholder management– you can influence, challenge, and drive follow‑through across Engineering, Product, Platform, IT, and senior leadership.

Pragmatic mindset: balancing security, speed, and customer impact using risk‑based thinking.

Strong written and verbal communication in English– you can turn complex topics into clear actions and decisions.

A hands‑on, ownership mentality: you don’t just write policies – you help make them real!

Experience preparing for SOC 2 readiness or similar assurance frameworks.

Familiarity with AI governance / AI risk management concepts and modern GenAI risks (or strong curiosity to learn fast).

Certifications such as CISSP, CISM, CISA, Security+, ISO 27001 Lead Implementer/Auditor (helpful, not required).

Experience with vendor security reviews, security questionnaires, and enterprise customer trust requirements.

What we offer

A high‑impact role with real ownership and visibility across the company.

The opportunity to shape how Sendcloud scales trust and security in 2026+.

Work closely with Engineering, Platform, IT, Legal/Privacy, Support and leadership– no siloed “security department”.

Support for professional development and relevant certifications.

Flexible hybrid work model +€500 home office budget.

28 holidays per year (based on full‑time) + a free day off around your birthday.

4‑week paid sabbatical after 3 years at Sendcloud.

€2,000 annual study budget.

Access to the Sendcloud gym&weekly Bootcamp and Boxing sessions.

#J-18808-Ljbffr