Job Description
📍 Eindhoven (Hybrid - 2 days/week onsite) | Full-time
This is what you tell people at parties 👋
“At Sendcloud, we build Europe’s leading shipping automation platform - helping over 25,000 e-commerce businesses grow. I help make sure we can scale fast and safely: keeping our ISO 27001 security program strong, turning security risks into clear decisions, and working with Engineering, Platform, IT, Legal/Privacy and Support to protect our customers, our people, and our business. Security here is a business enabler - not a checkbox.”
What you will do in this role 🧐
We’re looking for an Information Security Officer who can combine pragmatic governance with hands-on program leadership. You’ll own our information security program and help ensure our ISO 27001 ISMS stays healthy and audit-ready - while driving real security improvements across the company.
This is a role for someone who enjoys building clarity, influencing stakeholders, and making sure important work actually gets done.
You’ll be involved in:
Owning our ISO 27001 ISMS (and keeping it always-on) → internal audits, evidence, management reviews, corrective actions, and external audit readiness
Running security risk management that leads to decisions → maintaining a living risk register, driving mitigations with owners and timelines, and enabling explicit risk acceptance when needed
Driving security governance that teams can actually use → practical policies and standards for access, data handling, vendor risk, and incident response
Leading security incident governance → classification, escalation, post-incident learning loops, and preventing repeats (in partnership with Platform/Engineering/Support)
Managing third-party and vendor security risk → risk tiering, due diligence, and working with Legal on security requirements and ongoing assurance
Enabling safe use of AI and agentic workflows → clear guardrails for AI tooling and automation so we can adopt AI safely without slowing teams down (including visibility on shadow IT/AI in collaboration with IT/Platform)
Being at the table for architecture decisions with security impac t → you’ll participate in relevant architecture forums as a required security reviewer (not the decision maker), especially around identity/auth migrations, service-to-service patterns, and high blast-radius platform changes - to help teams catch security implications early and keep delivery moving
Reporting and stakeholder alignment → clear updates to leadership on security posture, top risks, incidents, audit outcomes, and progress
Our perfect match 💗
- 3+ (typically 5+) years of relevant experience, with proven ownership of an ISMS/audit cycle (ISO 27001 or equivalent) and the ability to drive cross-functional remediation independently (ideally in SaaS/tech or a fast-paced scale-up). This is not an entry-level role - you’ll be expected to lead audits, run risk governance, and influence Engineering leadership (EM to VP)
- Proven experience operating or significantly contributing to an ISO 27001 ISMS and driving audit readiness and remediation
- Strong stakeholder management - you can influence, challenge, and drive follow-through across Engineering, Product, Platform, IT, and senior leadership
- Pragmatic mindset: you balance security, speed, and customer impact using risk-based thinking
- Strong written and verbal communication in English - you can turn complex topics into clear actions and decisions
- A hands-on, ownership mentality: you don’t just write policies - you help make them real
Nice-to-have ✨
- Experience preparing for SOC 2 readiness or similar assurance frameworks
- Familiarity with AI governance / AI risk management concepts and modern GenAI risks (or strong curiosity to learn fast)
- Certifications like CISSP, CISM, CISA, Security+, ISO 27001 Lead Implementer/Auditor (helpful, not required)
- Experience with vendor security reviews, security questionnaires, and enterprise customer trust requirements
You share our core values
💩 No bullshit: We value honesty, transparency, and openness. Mistakes are for learning.
🎯 Grow & Win: Keep learning and improving - from each other, from challenges, and from feedback.
🎠 Have fun: Be yourself! We work hard together and enjoy the ride as a team.
What we offer 👋
- A high-impact role with real ownership and visibility across the company
- The opportunity to shape how Sendcloud scales trust and security in 2026+
- Work closely with Engineering, Platform, IT, Legal/Privacy, Support and leadership - no siloed “security department”
- Support for professional development and relevant certifications
- Flexible hybrid work model + €500 home office budget 🏠
- 28 holidays per year (based on full-time) + a free day off around your birthday 🎉
- 4-week paid sabbatical after 3 years at Sendcloud 🏝️
- €2,000 annual study budget 📚
- Access to the Sendcloud gym & weekly Bootcamp and Boxing sessions 💪
- Pension scheme
- Health insurance discount
All CVs must be submitted in English.
