Information Security Officer (ISO)

📍 Eindhoven (Hybrid - 2 days/week onsite) | Full-time

This is what you tell people at parties 👋

"At Sendcloud, we build Europe’s leading shipping automation platform - helping over 25,000 e-commerce businesses grow. I help make sure we can scale fast and safely: keeping our ISO 27001 security program strong, turning security risks into clear decisions, and working with Engineering, Platform, IT, Legal/Privacy and Support to protect our customers, our people, and our business. Security here is a business enabler - not a checkbox."

What you will do in this role 🧐

We’re looking for an Information Security Officer who can combine pragmatic governance with hands-on program leadership. You’ll own our information security program and help ensure our ISO 27001 ISMS stays healthy and audit-ready - while driving real security improvements across the company.

This is a role for someone who enjoys building clarity, influencing stakeholders, and making sure important work actually gets done.

You’ll be involved in:

Owning our ISO 27001 ISMS (and keeping it always-on) → internal audits, evidence, management reviews, corrective actions, and external audit readiness

Running security risk management that leads to decisions → maintaining a living risk register, driving mitigations with owners and timelines, and enabling explicit risk acceptance when needed

Driving security governance that teams can actually use → practical policies and standards for access, data handling, vendor risk, and incident response

Leading security incident governance → classification, escalation, post-incident learning loops, and preventing repeats (in partnership with Platform/Engineering/Support)

Managing third-party and vendor security risk → risk tiering, due diligence, and working with Legal on security requirements and ongoing assurance

Enabling safe use of AI and agentic workflows → clear guardrails for AI tooling and automation so we can adopt AI safely without slowing teams down (including visibility on shadow IT/AI in collaboration with IT/Platform)

Being at the table for architecture decisions with security impact → you’ll participate in relevant architecture forums as a required security reviewer (not the decision maker), especially around identity/auth migrations, service-to-service patterns, and high blast-radius platform changes - to help teams catch security implications early and keep delivery moving

Reporting and stakeholder alignment → clear updates to leadership on security posture, top risks, incidents, audit outcomes, and progress

Our perfect match 💗

• 3+ (typically 5+) years of relevant experience, with proven ownership of an ISMS/audit cycle (ISO 27001 or equivalent) and the ability to drive cross-functional remediation independently (ideally in SaaS/tech or a fast-paced scale-up). This is not an entry-level role - you’ll be expected to lead audits, run risk governance, and influence Engineering leadership (EM to VP)


• Proven experience operating or significantly contributing to an ISO 27001 ISMS and driving audit readiness and remediation


• Strong stakeholder management - you can influence, challenge, and drive follow-through across Engineering, Product, Platform, IT, and senior leadership


• Pragmatic mindset: you balance security, speed, and customer impact using risk-based thinking


• Strong written and verbal communication in English - you can turn complex topics into clear actions and decisions


• A hands-on, ownership mentality: you don’t just write policies - you help make them real
  
  

Nice-to-have ✨

• Experience preparing for SOC 2 readiness or similar assurance frameworks


• Familiarity with AI governance / AI risk management concepts and modern GenAI risks (or strong curiosity to learn fast)


• Certifications like CISSP, CISM, CISA, Security+, ISO 27001 Lead Implementer/Auditor (helpful, not required)


• Experience with vendor security reviews, security questionnaires, and enterprise customer trust requirements

You share our core values

💩 No bullshit: We value honesty, transparency, and openness. Mistakes are for learning.
🎯 Grow & Win: Keep learning and improving - from each other, from challenges, and from feedback.
🎠 Have fun: Be yourself! We work hard together and enjoy the ride as a team.

What we offer 👋

• A high-impact role with real ownership and visibility across the company


• The opportunity to shape how Sendcloud scales trust and security in 2026+


• Work closely with Engineering, Platform, IT, Legal/Privacy, Support and leadership - no siloed "security department"


• Support for professional development and relevant certifications


• Flexible hybrid work model + €500 home office budget 🏠


• 28 holidays per year (based on full-time) + a free day off around your birthday 🎉


• 4-week paid sabbatical after 3 years at Sendcloud 🏝️


• €2,000 annual study budget 📚


• Access to the Sendcloud gym & weekly Bootcamp and Boxing sessions 💪


• Pension scheme


• Health insurance discount
  
  

All CVs must be submitted in English.