All jobs

Principal Information Security Manager

Staffbase4h ago
Chemnitz, Sachsen, GermanyOnsite$1Full-timePrincipal Level10+ yrs exp

Top focus

Security ArchitectSecurity Engineer
  • About Staffbase
  • We inspire people to achieve great things together. Our mission is to help organizations unlock the power of inspirational communication with the first AI-native Employee Experience Platform . Our industry-leading and award-winning agentic AI communications channels - intranet, employee app and email solutions - create engaging experiences that connect and empower employees.
  • Headquartered in Chemnitz, Germany and New York City, with offices in Berlin, London, Sydney, Tokyo, Prague
  • Minneapolis–St. Paul, our diverse team of 750+ employees supports 2,000+ customers—reaching over 16.4 million employees—in transforming their employee experience.
  • We are proud to be a Unicorn company—privately valued at over $1 billion—demonstrating strong growth, innovation, and lasting impact in our industry. Together, we’re shaping the future of workplace communication.
  • Our information security program is fit for purpose and operationally sound. The next chapter is about making it investor-ready, AI-efficient, and capable of sustaining enterprise customer trust at scale.
  • This is not a build-from-scratch role. It is a step up in maturity: fewer manual processes and sharper governance.
  • The position sits at the center of the InfoSec team; you coordinate across teams, own outcomes and represent the function. You are comfortable being the person customers and auditors talk to.
  • You think in programs and systems, not tasks. You identify where manual effort can be replaced by tooling or AI-assisted workflows
  • are empowered to drive that change as we build out our AI-driven operating model across the company.
  • What you’ll be doing
  • You will act as the senior deputy for InfoSec within our Finance & Operations department, owning the function day-to-day, representing it internally and externally
  • making it run with less friction and more intelligence.
  • You report directly to the SVP Business Operations & Transformation and work closely with Legal, Procurement, Engineering, external auditors and enterprise customers.
  • You will own;
  • Compliance & Audit
  • Lead ISO 27001 and SOC 2 audit cycles end-to-end in preparation, evidence collection, auditor management, and findings remediation
  • Own the control framework and ensure it stays current as the business evolves
  • Prepare the InfoSec program for investor and M&A due diligence scrutiny
  • Customer Trust
  • Own the response to enterprise customer security questionnaires and RFPs
  • Represent Staffbase credibly in customer security reviews, calls, and audits
  • Build scalable approaches (automation, templates, knowledge base) to reduce response time without sacrificing quality
  • Risk & Vendor Security
  • Maintain the risk register and drive risk treatment decisions with relevant stakeholders
  • Own vendor security assessments for critical and high-risk suppliers
  • Partner with Procurement and Legal on AI-assisted review workflows
  • Policy & Awareness
  • Own the internal security policy framework, keep it current, understandable, and enforced
  • Design and run security awareness programs that change behaviour, not just tick boxes
  • Incident Response
  • Own the incident response plan and lead execution when incidents occur
  • Coordinate with Engineering, Legal, and leadership during incidents
  • Drive post-incident reviews and close findings with owners
  • What you need to be successful
  • Essential Experience
  • 5+ years of hands-on InfoSec experience in a SaaS or B2B tech company
  • Proven ownership of ISO 27001 and/or SOC 2 programs
  • Track record of representing InfoSec to enterprise customers, including security reviews and escalations
  • Must be fluent in German and English
  • Comfortable with AI-driven tooling; actively looks for automation opportunities in compliance and operations
  • Highly Desirable
  • Experience supporting or preparing for M&A or investor due diligence processes
  • Background working alongside Legal, Procurement, and Engineering
  • Practical understanding of cloud security architecture (enough to challenge and validate, not operate)
  • Relevant certification: CISM, CISSP, ISO 27001 Lead Auditor/Implementer, or equivalent. Certification matters less than what you have built
  • What you'll get
  • Competitive Compensation - we offer attractive salary packages including LTIP (unit-based Long Term Incentive Plan)
  • Flexibility - we offer flexible working time models and the option of hybrid work, and support this with a yearly flex work allowance of €1560
  • Recharge - with 31 vacation days annually (incl. one floating holiday), plus pro rata fully paid Fridays off during August
  • Support - we’re offering a company pension scheme
  • Volunteers Day - you’ll get one day off per year for supporting a social project

Required skills

ISO 27001SOC 2Risk ManagementVendor SecurityComplianceAudit
Posted on JobRush — the end-to-end AI job-search platform.