Principal Information Security Manager
Staffbase•4h ago
Chemnitz, Sachsen, GermanyOnsite$1Full-timePrincipal Level10+ yrs exp
Top focus
Security ArchitectSecurity Engineer
- About Staffbase
- We inspire people to achieve great things together. Our mission is to help organizations unlock the power of inspirational communication with the first AI-native Employee Experience Platform . Our industry-leading and award-winning agentic AI communications channels - intranet, employee app and email solutions - create engaging experiences that connect and empower employees.
- Headquartered in Chemnitz, Germany and New York City, with offices in Berlin, London, Sydney, Tokyo, Prague
- Minneapolis–St. Paul, our diverse team of 750+ employees supports 2,000+ customers—reaching over 16.4 million employees—in transforming their employee experience.
- We are proud to be a Unicorn company—privately valued at over $1 billion—demonstrating strong growth, innovation, and lasting impact in our industry. Together, we’re shaping the future of workplace communication.
- Our information security program is fit for purpose and operationally sound. The next chapter is about making it investor-ready, AI-efficient, and capable of sustaining enterprise customer trust at scale.
- This is not a build-from-scratch role. It is a step up in maturity: fewer manual processes and sharper governance.
- The position sits at the center of the InfoSec team; you coordinate across teams, own outcomes and represent the function. You are comfortable being the person customers and auditors talk to.
- You think in programs and systems, not tasks. You identify where manual effort can be replaced by tooling or AI-assisted workflows
- are empowered to drive that change as we build out our AI-driven operating model across the company.
- What you’ll be doing
- You will act as the senior deputy for InfoSec within our Finance & Operations department, owning the function day-to-day, representing it internally and externally
- making it run with less friction and more intelligence.
- You report directly to the SVP Business Operations & Transformation and work closely with Legal, Procurement, Engineering, external auditors and enterprise customers.
- You will own;
- Compliance & Audit
- Lead ISO 27001 and SOC 2 audit cycles end-to-end in preparation, evidence collection, auditor management, and findings remediation
- Own the control framework and ensure it stays current as the business evolves
- Prepare the InfoSec program for investor and M&A due diligence scrutiny
- Customer Trust
- Own the response to enterprise customer security questionnaires and RFPs
- Represent Staffbase credibly in customer security reviews, calls, and audits
- Build scalable approaches (automation, templates, knowledge base) to reduce response time without sacrificing quality
- Risk & Vendor Security
- Maintain the risk register and drive risk treatment decisions with relevant stakeholders
- Own vendor security assessments for critical and high-risk suppliers
- Partner with Procurement and Legal on AI-assisted review workflows
- Policy & Awareness
- Own the internal security policy framework, keep it current, understandable, and enforced
- Design and run security awareness programs that change behaviour, not just tick boxes
- Incident Response
- Own the incident response plan and lead execution when incidents occur
- Coordinate with Engineering, Legal, and leadership during incidents
- Drive post-incident reviews and close findings with owners
- What you need to be successful
- Essential Experience
- 5+ years of hands-on InfoSec experience in a SaaS or B2B tech company
- Proven ownership of ISO 27001 and/or SOC 2 programs
- Track record of representing InfoSec to enterprise customers, including security reviews and escalations
- Must be fluent in German and English
- Comfortable with AI-driven tooling; actively looks for automation opportunities in compliance and operations
- Highly Desirable
- Experience supporting or preparing for M&A or investor due diligence processes
- Background working alongside Legal, Procurement, and Engineering
- Practical understanding of cloud security architecture (enough to challenge and validate, not operate)
- Relevant certification: CISM, CISSP, ISO 27001 Lead Auditor/Implementer, or equivalent. Certification matters less than what you have built
- What you'll get
- Competitive Compensation - we offer attractive salary packages including LTIP (unit-based Long Term Incentive Plan)
- Flexibility - we offer flexible working time models and the option of hybrid work, and support this with a yearly flex work allowance of €1560
- Recharge - with 31 vacation days annually (incl. one floating holiday), plus pro rata fully paid Fridays off during August
- Support - we’re offering a company pension scheme
- Volunteers Day - you’ll get one day off per year for supporting a social project
Required skills
ISO 27001SOC 2Risk ManagementVendor SecurityComplianceAudit