Parloa

Senior IS&T Governance Partner

full-time

Location Type: Hybrid

Location: New York City, New York, United States

Salary

💰 $100,000 - $140,000 per year

About the role

  • Act as a core member of the remotely distributed IS&T Governance team, fostering a strong culture of security and compliance awareness across planning, development, and operational activities.
  • Ensure that changes in product, development, and operational processes are properly documented, risk-assessed, and reviewed in a timely and structured manner.
  • Partner with the Commercial organization by supporting security and compliance questionnaires, contributing to contract and DPA reviews, and participating in customer calls as a trusted subject matter expert.
  • Manage and respond to incoming requests related to compliance, information security, and regulatory topics, providing clear, pragmatic, and actionable guidance to internal stakeholders.
  • Serve as the internal authority on information security best practices, continuously promoting industry standards and driving their consistent adoption across the organization.
  • Lead and support the preparation, execution, and continuous maintenance of security certifications and regulatory frameworks (e.g., ISO 27001, ISO 22301, SOC 2, PCI DSS, HIPAA).
  • When new certifications or regulatory frameworks are required, take ownership of understanding the applicable security and legal requirements in close alignment with Legal and the DPO, and translate them into hands-on guidance for engineering, product, and operations teams.
  • Drive the practical implementation and adoption of compliance controls by embedding governance and security requirements into daily workflows and technical designs.
  • Contribute to the definition and continuous improvement of governance processes, policies, and standards to ensure scalability and long-term audit readiness.
  • Support risk assessments, DPIAs, and control design activities for new products, features, and architectural changes.

Requirements

  • A seasoned GRC / Information Security professional with 6–10+ years of experience across information security, compliance, risk management, and regulatory frameworks in technology-driven environments.
  • Deeply experienced in security and compliance standards such as ISO 27001, SOC 2, FedRAMP, PCI DSS v4, ISO 42001, and data protection regulations (e.g., GDPR, CCPA), with a strong understanding of how they apply in modern SaaS and AI platforms.
  • A trusted advisor who can confidently engage with engineers, product leaders, legal teams, auditors, and enterprise customers, translating complex regulatory requirements into clear, practical actions.
  • A hands-on operator who is comfortable moving between strategic governance design and detailed control implementation, audits, and evidence generation.
  • A builder of scalable governance who designs processes and controls that enable speed and innovation rather than slow them down.
  • A culture carrier who naturally embeds security, privacy, and compliance thinking into everyday decision-making across the organization.
  • Analytical and pragmatic, balancing regulatory rigor with business reality to deliver solutions that are both compliant and operationally efficient.
  • Resilient under pressure, remaining structured, credible, and decisive in audits, customer security reviews, and high-stakes compliance discussions.
  • A continuous learner who stays current on emerging regulations, security standards, and best practices in cloud security, AI governance, and data protection.

Benefits

  • The opportunity to join a rapidly growing Conversational AI startup with offices in Berlin, New York, and Munich.
  • Enjoy an immersive company onboarding experience, where you’ll have the chance to delve into the Parloa product and immerse yourself in our dynamic company culture.
  • Hybrid work environment - we believe in hiring the best talent, no matter where they are based. However, we love to build real connections and want to welcome everyone in the office on certain days.
  • Attractive compensation package with equity.
  • Training and development budget which can be used for conferences and attending development courses to ensure continuous professional growth.
  • Flexible working hours, unlimited PTO, and travel opportunities.
  • Regular team events, game nights, and other social activities.
  • A beautiful office with flair in the heart of NYC with all the conveniences, such as a social area, snacks, and drinks.

Applicant Tracking System Keywords

Hard Skills & Tools

information security, compliance, risk management, regulatory frameworks, security certifications, ISO 27001, SOC 2, PCI DSS, GDPR, CCPA

Soft Skills

trusted advisor, analytical, pragmatic, resilient under pressure, structured, credible, decisive, continuous learner, culture carrier, builder of scalable governance

Certifications

ISO 27001, SOC 2, PCI DSS, ISO 22301, FedRAMP, ISO 42001, HIPAA