Sendcloud

Information Security Officer (ISO)

Eindhoven HQ Full Time

📍 Eindhoven (Hybrid - 2 days/week onsite) | Full-time

This is what you tell people at parties 👋

“At Sendcloud, we build Europe’s leading shipping automation platform - helping over 25,000 e-commerce businesses grow. I help make sure we can scale fast and safely: keeping our ISO 27001 security program strong, turning security risks into clear decisions, and working with Engineering, Platform, IT, Legal/Privacy and Support to protect our customers, our people, and our business. Security here is a business enabler - not a checkbox.”

What you will do in this role 🧐

We’re looking for an Information Security Officer who can combine pragmatic governance with hands-on program leadership. You’ll own our information security program and help ensure our ISO 27001 ISMS stays healthy and audit-ready - while driving real security improvements across the company.

This is a role for someone who enjoys building clarity, influencing stakeholders, and making sure important work actually gets done.

You’ll be involved in:

  • Owning our ISO 27001 ISMS (and keeping it always-on) → internal audits, evidence, management reviews, corrective actions, and external audit readiness;
  • Running security risk management that leads to decisions → maintaining a living risk register, driving mitigations with owners and timelines, and enabling explicit risk acceptance when needed;
  • Driving security governance that teams can actually use → practical policies and standards for access, data handling, vendor risk, and incident response;
  • Leading security incident governance → classification, escalation, post-incident learning loops, and preventing repeats (in partnership with Platform/Engineering/Support);
  • Managing third-party and vendor security risk → risk tiering, due diligence, and working with Legal on security requirements and ongoing assurance;
  • Enabling safe use of AI and agentic workflows → clear guardrails for AI tooling and automation so we can adopt AI safely without slowing teams down (including visibility on shadow IT/AI in collaboration with IT/Platform);
  • Reporting and stakeholder alignment → clear updates to leadership on security posture, top risks, incidents, audit outcomes, and progress.

Our perfect match 💗

  • 5+ years of experience in information security, GRC, security program management, compliance, or a related field (ideally in SaaS/tech or a fast-paced scale-up);
  • Proven experience operating or significantly contributing to an ISO 27001 ISMS and driving audit readiness and remediation;
  • Strong stakeholder management - you can influence, challenge, and drive follow-through across Engineering, Product, Platform, IT, and senior leadership;
  • Pragmatic mindset: you balance security, speed, and customer impact using risk-based thinking;
  • Strong written and verbal communication in English - you can turn complex topics into clear actions and decisions;
  • A hands-on, ownership mentality: you don’t just write policies - you help make them real!

Nice-to-have ✹

  • Experience preparing for SOC 2 readiness or similar assurance frameworks
  • Familiarity with AI governance / AI risk management concepts and modern GenAI risks (or strong curiosity to learn fast)
  • Certifications like CISSP, CISM, CISA, Security+, ISO 27001 Lead Implementer/Auditor 
  • Experience with vendor security reviews, security questionnaires, and enterprise customer trust requirements

You share our core values

💩 No bullshit: We value honesty, transparency, and openness. Mistakes are for learning.
🎯 Grow & Win: Keep learning and improving - from each other, from challenges, and from feedback.
🎠 Have fun: Be yourself! We work hard together and enjoy the ride as a team.

What we offer 👋

  • A high-impact role with real ownership and visibility across the company
  • The opportunity to shape how Sendcloud scales trust and security in 2026+
  • Work closely with Engineering, Platform, IT, Legal/Privacy, Support and leadership - no siloed “security department”
  • Support for professional development and relevant certifications
  • Flexible hybrid work model + €500 home office budget 🏠
  • 28 holidays per year (based on full-time) + a free day off around your birthday 🎉
  • 4-week paid sabbatical after 3 years at Sendcloud 🏝️
  • €2,000 annual study budget 📚
  • Access to the Sendcloud gym & weekly Bootcamp and Boxing sessions 💪
  • Pension scheme
  • Health insurance discount

All CVs must be submitted in English.