Information Security Officer – Compliance

Job not on LinkedIn

🕒 May 4

Apply Now

Find Similar Remote Jobs

Receive Emails For Remote Jobs

📊 Check your resume score for this job

Improve your chances of getting an interview by checking your resume score before you apply.

Upload Resume

Smallpdf

WebsiteLinkedInAll Job Openings

51 - 200 employees

Founded 2013

☁️ SaaS

⚡ Productivity

🏢 Enterprise

SaaS • Productivity • Enterprise

Smallpdf is a comprehensive PDF management software that simplifies working with digital documents. It offers a wide range of tools to compress, convert, merge, edit, and e-sign PDFs, among others. The software allows users to manage all their digital documents in one place, supporting various file format conversions and providing features for highlighting, annotating, and organizing PDFs. Smallpdf also ensures secure document handling with encryption and compliance with privacy standards. It caters to both individual users and businesses, providing solutions that enhance document productivity on both desktop and mobile platforms. Trusted by over a billion users, Smallpdf is one of the highest-rated PDF software providers on major B2B platforms.

📋 Description

• Own and maintain the Register of Processing Activities (ROPA) — currently established but requiring ongoing expansion and review. • Ensure compliance with GDPR, Swiss FADP (revDSG), and CCPA requirements across all company operations. • Manage data subject request (DSR) workflows and ensure timely, compliant responses. • Own the retention and deletion policy — define, implement, and enforce data lifecycle rules. • Maintain and improve the company's privacy policies (website, HR, product-level). • Maintain the processor register and DPA repository. • Ensure all active vendors/processors have reviewed DPAs with appropriate safeguards (SCCs, Swiss addenda). • Establish and run an annual vendor review cadence. • Map and document international data transfers and safeguards. • Own the company's Technical and Organizational Measures (TOMs) documentation. • Drive formalization and periodic testing of security controls. • Coordinate penetration testing with external partners. • Build toward a security monitoring and incident response capability. • Own the risk register — maintain it, drive risk owners to close items, report to leadership. • Evaluate and recommend security tooling (e.g., CVE scanning, static analysis integration, SIEM). • Track emerging regulatory requirements (AI Act, DORA, NIS2) and assess applicability. • Prepare the company for potential ISO 27001 or SOC 2 certification when strategically appropriate. • Coordinate with external legal counsel (currently MLL) on regulatory assessments and policy drafting. • Respond to customer compliance questionnaires and security assessments. • Support sales and pre-sales with compliance documentation, certifications overview, and security posture materials. • Ensure product-level compliance considerations (e.g., OSS license management, SBOM generation) are integrated into engineering workflows.

🎯 Requirements

• 3–5+ years of experience in information security, data protection, or compliance roles — ideally in a B2B software or SaaS environment. • Working knowledge of GDPR and Swiss FADP, including hands-on experience with ROPAs, DPAs, DSR handling, and data transfer mechanisms (SCCs, adequacy decisions). • Familiarity with security frameworks and controls: ISO 27001, SOC 2, or similar — you don't need to have led a certification, but you should understand the requirements. • Ability to build and maintain a risk register and drive risk mitigation across teams. • Strong written and verbal communication in English (working language). German is a significant plus for Swiss regulatory context and local vendor interactions. • Pragmatic and structured: you can prioritize what matters in a 50-person company, not gold-plate processes designed for 5,000. • Comfortable working independently — this is a one-person function with leadership support, not a large team.

🏖️ Benefits

• 30 vacation days - yep, you read that right - you can take them whenever you need them. • Flexibility: we have flexible working hours. • Need a long break? We offer sabbatical leave to employees who’ve been with us for over two years. • 16 weeks parental leave - 100% of your salary - for all new parents. • Don’t leave your four-legged friends at home; our Zurich office is pet-friendly. • A well-being budget of up to 2,000 CHF every year that can be used for training and development (plus days off for courses or training) and for physical and mental well-being purposes. • Possibility of a Phantom stock option plan - PSOP (Conditions apply). • Hack days to challenge you and your team, plus build amazing things.