Security & IT

Information Security Officer (ISO)

Eindhoven HQ

πŸ“ Eindhoven (Hybrid - 2 days/week onsite) | Full-time

This is what you tell people at parties πŸ‘‹

“At Sendcloud, we build Europe’s leading shipping automation platform - helping over 25,000 e-commerce businesses grow. I help make sure we can scale fast and safely: keeping our ISO 27001 security program strong, turning security risks into clear decisions, and working with Engineering, Platform, IT, Legal/Privacy and Support to protect our customers, our people, and our business. Security here is a business enabler - not a checkbox.”

What you will do in this role 🧐

We’re looking for an Information Security Officer who can combine pragmatic governance with hands-on program leadership. You’ll own our information security program and help ensure our ISO 27001 ISMS stays healthy and audit-ready - while driving real security improvements across the company.

This is a role for someone who enjoys building clarity, influencing stakeholders, and making sure important work actually gets done.

You’ll be involved in:

Owning our ISO 27001 ISMS (and keeping it always-on) → internal audits, evidence, management reviews, corrective actions, and external audit readiness

Running security risk management that leads to decisions → maintaining a living risk register, driving mitigations with owners and timelines, and enabling explicit risk acceptance when needed

Driving security governance that teams can actually use → practical policies and standards for access, data handling, vendor risk, and incident response

Leading security incident governance → classification, escalation, post-incident learning loops, and preventing repeats (in partnership with Platform/Engineering/Support)

Managing third-party and vendor security risk → risk tiering, due diligence, and working with Legal on security requirements and ongoing assurance

Enabling safe use of AI and agentic workflows → clear guardrails for AI tooling and automation so we can adopt AI safely without slowing teams down (including visibility on shadow IT/AI in collaboration with IT/Platform)

Being at the table for architecture decisions with security impact → you’ll participate in relevant architecture forums as a required security reviewer (not the decision maker), especially around identity/auth migrations, service-to-service patterns, and high blast-radius platform changes - to help teams catch security implications early and keep delivery moving

Reporting and stakeholder alignment → clear updates to leadership on security posture, top risks, incidents, audit outcomes, and progress

Our perfect match πŸ’—

  • 3+ (typically 5+) years of relevant experience, with proven ownership of an ISMS/audit cycle (ISO 27001 or equivalent) and the ability to drive cross-functional remediation independently (ideally in SaaS/tech or a fast-paced scale-up). This is not an entry-level role - you’ll be expected to lead audits, run risk governance, and influence Engineering leadership (EM to VP)
  • Proven experience operating or significantly contributing to an ISO 27001 ISMS and driving audit readiness and remediation
  • Strong stakeholder management - you can influence, challenge, and drive follow-through across Engineering, Product, Platform, IT, and senior leadership
  • Pragmatic mindset: you balance security, speed, and customer impact using risk-based thinking
  • Strong written and verbal communication in English - you can turn complex topics into clear actions and decisions
  • A hands-on, ownership mentality: you don’t just write policies - you help make them real

Nice-to-have ✨

  • Experience preparing for SOC 2 readiness or similar assurance frameworks
  • Familiarity with AI governance / AI risk management concepts and modern GenAI risks (or strong curiosity to learn fast)
  • Certifications like CISSP, CISM, CISA, Security+, ISO 27001 Lead Implementer/Auditor (helpful, not required)
  • Experience with vendor security reviews, security questionnaires, and enterprise customer trust requirements

You share our core values

πŸ’© No bullshit: We value honesty, transparency, and openness. Mistakes are for learning.
🎯 Grow & Win: Keep learning and improving - from each other, from challenges, and from feedback.
🎠 Have fun: Be yourself! We work hard together and enjoy the ride as a team.

What we offer πŸ‘‹

  • A high-impact role with real ownership and visibility across the company
  • The opportunity to shape how Sendcloud scales trust and security in 2026+
  • Work closely with Engineering, Platform, IT, Legal/Privacy, Support and leadership - no siloed “security department”
  • Support for professional development and relevant certifications
  • Flexible hybrid work model + €500 home office budget 🏠
  • 28 holidays per year (based on full-time) + a free day off around your birthday πŸŽ‰
  • 4-week paid sabbatical after 3 years at Sendcloud 🏝️
  • €2,000 annual study budget πŸ“š
  • Access to the Sendcloud gym & weekly Bootcamp and Boxing sessions πŸ’ͺ
  • Pension scheme
  • Health insurance discount

All CVs must be submitted in English.

Apply now

Working with us has its perks ´❀️

We want our people to be and become the best version of themselves.
That’s why we offer you an awesome perks and benefits package to enjoy onβ€”and offβ€”the job.

Read more