Startup Jobs
Post a Job
Sendcloud

Information Security Officer (ISO)

Eindhoven, Netherlands
On-site

TLDR

Own and improve the ISO 27001 ISMS, drive security governance, manage third-party risk, and ensure the integration of security in architecture decisions.

📍 Eindhoven (Hybrid - 2 days/week onsite) | Full-time

This is what you tell people at parties 👋

“At Sendcloud, we build Europe’s leading shipping automation platform - helping over 25,000 e-commerce businesses grow. I help make sure we can scale fast and safely: keeping our ISO 27001 security program strong, turning security risks into clear decisions, and working with Engineering, Platform, IT, Legal/Privacy and Support to protect our customers, our people, and our business. Security here is a business enabler - not a checkbox.”

What you will do in this role 🧐

We’re looking for an Information Security Officer who can combine pragmatic governance with hands-on program leadership. You’ll own our information security program and help ensure our ISO 27001 ISMS stays healthy and audit-ready - while driving real security improvements across the company.

This is a role for someone who enjoys building clarity, influencing stakeholders, and making sure important work actually gets done.

You’ll be involved in:

Owning our ISO 27001 ISMS (and keeping it always-on) → internal audits, evidence, management reviews, corrective actions, and external audit readiness

Running security risk management that leads to decisions → maintaining a living risk register, driving mitigations with owners and timelines, and enabling explicit risk acceptance when needed

Driving security governance that teams can actually use → practical policies and standards for access, data handling, vendor risk, and incident response

Leading security incident governance → classification, escalation, post-incident learning loops, and preventing repeats (in partnership with Platform/Engineering/Support)

Managing third-party and vendor security risk → risk tiering, due diligence, and working with Legal on security requirements and ongoing assurance

Enabling safe use of AI and agentic workflows → clear guardrails for AI tooling and automation so we can adopt AI safely without slowing teams down (including visibility on shadow IT/AI in collaboration with IT/Platform)

Being at the table for architecture decisions with security impact → you’ll participate in relevant architecture forums as a required security reviewer (not the decision maker), especially around identity/auth migrations, service-to-service patterns, and high blast-radius platform changes - to help teams catch security implications early and keep delivery moving

Reporting and stakeholder alignment → clear updates to leadership on security posture, top risks, incidents, audit outcomes, and progress

Our perfect match 💗

  • 3+ (typically 5+) years of relevant experience, with proven ownership of an ISMS/audit cycle (ISO 27001 or equivalent) and the ability to drive cross-functional remediation independently (ideally in SaaS/tech or a fast-paced scale-up). This is not an entry-level role - you’ll be expected to lead audits, run risk governance, and influence Engineering leadership (EM to VP)
  • Proven experience operating or significantly contributing to an ISO 27001 ISMS and driving audit readiness and remediation
  • Strong stakeholder management - you can influence, challenge, and drive follow-through across Engineering, Product, Platform, IT, and senior leadership
  • Pragmatic mindset: you balance security, speed, and customer impact using risk-based thinking
  • Strong written and verbal communication in English - you can turn complex topics into clear actions and decisions
  • A hands-on, ownership mentality: you don’t just write policies - you help make them real

Nice-to-have ✨

  • Experience preparing for SOC 2 readiness or similar assurance frameworks
  • Familiarity with AI governance / AI risk management concepts and modern GenAI risks (or strong curiosity to learn fast)
  • Certifications like CISSP, CISM, CISA, Security+, ISO 27001 Lead Implementer/Auditor (helpful, not required)
  • Experience with vendor security reviews, security questionnaires, and enterprise customer trust requirements

You share our core values

💩 No bullshit: We value honesty, transparency, and openness. Mistakes are for learning.
🎯 Grow & Win: Keep learning and improving - from each other, from challenges, and from feedback.
🎠 Have fun: Be yourself! We work hard together and enjoy the ride as a team.

What we offer 👋

  • A high-impact role with real ownership and visibility across the company
  • The opportunity to shape how Sendcloud scales trust and security in 2026+
  • Work closely with Engineering, Platform, IT, Legal/Privacy, Support and leadership - no siloed “security department”
  • Support for professional development and relevant certifications
  • Flexible hybrid work model + €500 home office budget 🏠
  • 28 holidays per year (based on full-time) + a free day off around your birthday 🎉
  • 4-week paid sabbatical after 3 years at Sendcloud 🏝️
  • €2,000 annual study budget 📚
  • Access to the Sendcloud gym & weekly Bootcamp and Boxing sessions 💪
  • Pension scheme
  • Health insurance discount

All CVs must be submitted in English.

Benefits

Health Insurance

Health insurance discount

Home Office Stipend

Flexible hybrid work model + €500 home office budget

Learning Budget

€2,000 annual study budget

Other Benefit

Pension scheme

 Sendcloud

Sendcloud is an all-in-one shipping platform designed for e-commerce, streamlining logistics for retailers, marketplaces, and fulfillment companies across Europe. With a growing customer base of over 30,000, we help businesses save time and cut costs while enhancing their shipping experiences.

Website LinkedIn
View all jobs
Ace your job interview

Understand the required skills and qualifications, anticipate the questions you may be asked, and study well-prepared answers using our sample responses.

Information Security Officer Q&A's
Report this job
Apply for this job