Information Security and Compliance Officer

📋 Description

• Own and run security & compliance programs (ISO 27001, SOC 2, HIPAA/HITECH, GDPR, DORA, ...), including planning, control maintenance, evidence collection, audit readiness, and continuous improvement.
• Own the compliance roadmap: monitor regulatory and customer requirements, recommend frameworks, prioritize by risk and impact.
• Build, improve, and enforce security policies and procedures aligned with standards.
• Lead risk management: identify/assess risks, define mitigations, track progress, report residual risk.
• Drive vendor/third-party security reviews; due diligence; ensure contractual/compliance requirements are met.
• Coordinate audits and external interactions: prepare teams, manage timelines, engage auditors/regulators/counsel.

🎯 Requirements

• Proven experience in information security compliance / GRC, ideally in SaaS or regulated env.
• Hands-on ISO 27001; SOC 2, HIPAA/HITECH, GDPR a plus.
• Solid understanding of security frameworks and control domains (risk, access control, vendor risk, incident management, logging/monitoring, encryption).
• Experience supporting or leading audits/investigations with external stakeholders.
• AI-native operator mindset: use AI to build repeatable workflows, automate low-value tasks, and move faster with security.
• Strong communication: explain security to non-technical audiences and influence without authority.

🎁 Benefits

• Office First: based at our Geneva office, in-person collaboration.
• AI-First Technology: access to AI tools and a modern tech stack.
• Personal Development: learning budget for training, conferences, courses.
• Generous Leave: competitive vacation policies for rest and recharge.
• Quarterly Events & Annual Retreats: team events and company-wide retreats.
• Perks & Wellbeing: yoga sessions, gym discounts, Apple product discounts.