Information Security Compliance Manager

  • Level
    Experienced
  • Job Field
    IT, System, Security
  • Employment Type
    Full Time
  • Contract Type
    Permanent employment
  • Location
    Vienna, Berlin
  • Working Model
    Hybrid, Onsite
  • Job Summary

    In this role, you will take ownership of the ISO/IEC 27001 ISMS, conduct audits, and develop privacy programs while working closely with Engineering and Operations on compliance activities.

    Your role in the team

    • We're looking for an Information Security Compliance Manager (ISO 27001 / GDPR / HIPAA) to take ownership of our certified ISO/IEC 27001 ISMS and our privacy program in a health-data SaaS environment.
    • You will maintain and continuously improve our ISO 27001 system (supported by Vanta), lead internal and external (surveillance) audits, and evolve our GDPR setup to also cover HIPAA expectations and special categories of data in close partnership with Engineering and Tech.
    • Take full ownership of our certified ISO 27001 ISMS and ensure it remains effective, up to date, and audit-ready throughout the year.
    • Lead preparation and execution support for surveillance audits, including evidence readiness, stakeholder preparation, and closing findings.
    • Run the internal audit programme and steer corrective and preventive actions (CAPA) through to closure, with clear accountability and measurable results.
    • Harmonize security and privacy governance by aligning ISO 27001 and GDPR processes (risk, vendor management, incident/breach handling, access governance, retention).
    • Expand the privacy program from GDPR to include HIPAA-related requirements and robust handling of health/sensitive data (incl. vendor/subprocessor controls).
    • Translate security/privacy requirements into pragmatic, actionable work for Engineering and Operations ("what needs to be done, how, and what evidence is needed").
    • Improve scalability of compliance operations using Vanta (evidence automation, control monitoring, clean documentation) and help prepare for future SOC 2 / NIST needs.

    Our expectations of you

    Qualifications

    • Hands-on ownership of an ISO/IEC 27001 ISMS in a certified organization, including operating cadences (risk, SoA, control reviews, metrics, continual improvement).
    • Ability to plan/execute (or coordinate) internal audits and drive corrective actions through to verified completion.
    • Comfort working in environments processing health data / special categories of data, and ability to operationalize privacy and security expectations (HIPAA exposure is a plus).
    • Solid technical foundation to collaborate with Engineering on controls and evidence (IAM/SSO/MFA/RBAC, logging/audit trails, vulnerability & patch management, change management, cloud/SaaS fundamentals).
    • Excellent English communication skills (written and verbal); German is a plus.
    • Location: Vienna or Berlin (hybrid/onsite expectations as applicable).

    Experience

    • 3-5 years of experience in information security compliance / ISMS / GRC in a tech or SaaS environment.
    • Audit experience you can point to: participation/leadership in external audits (surveillance/recertification) and successful closure of findings.
    • Practical GDPR operations experience (e.g., RoPA, DPIAs, vendor/subprocessor governance, DSAR coordination, incident/breach support).

    Job Locations

    • Vienna, Austria
    • Berlin, Germany

    This is your employer

    Flinn

    Flinn is a leading company in MedTech automation, offering an AI-driven platform to optimize regulatory and quality processes. The company leverages innovative technologies to advance the industry.

  • Company Type
    Established Company
  • Working Model
    Hybrid, Onsite
  • Industry
    Healthcare, Social Sector
  • Diversity
    Open for all genders