Information Security Officer – Compliance

Smallpdf

Information Security & Compliance Officer at Pdftools overseeing compliance and security ownership for a Swiss B2B software company. Driving GDPR compliance and risk management initiatives.

Posted 5/4/2026 • Full-time • Remote • 🇨🇭 Switzerland • Mid-Level / Senior

About the role

Key responsibilities & impact
  • Own and maintain the Register of Processing Activities (ROPA) — currently established but requiring ongoing expansion and review.
  • Ensure compliance with GDPR, Swiss FADP (revDSG), and CCPA requirements across all company operations.
  • Manage data subject request (DSR) workflows and ensure timely, compliant responses.
  • Own the retention and deletion policy — define, implement, and enforce data lifecycle rules.
  • Maintain and improve the company's privacy policies (website, HR, product-level).
  • Maintain the processor register and DPA repository.
  • Ensure all active vendors/processors have reviewed DPAs with appropriate safeguards (SCCs, Swiss addenda).
  • Establish and run an annual vendor review cadence.
  • Map and document international data transfers and safeguards.
  • Own the company's Technical and Organizational Measures (TOMs) documentation.
  • Drive formalization and periodic testing of security controls.
  • Coordinate penetration testing with external partners.
  • Build toward a security monitoring and incident response capability.
  • Own the risk register — maintain it, drive risk owners to close items, report to leadership.
  • Evaluate and recommend security tooling (e.g., CVE scanning, static analysis integration, SIEM).
  • Track emerging regulatory requirements (AI Act, DORA, NIS2) and assess applicability.
  • Prepare the company for potential ISO 27001 or SOC 2 certification when strategically appropriate.
  • Coordinate with external legal counsel (currently MLL) on regulatory assessments and policy drafting.
  • Respond to customer compliance questionnaires and security assessments.
  • Support sales and pre-sales with compliance documentation, certifications overview, and security posture materials.
  • Ensure product-level compliance considerations (e.g., OSS license management, SBOM generation) are integrated into engineering workflows.

Requirements

What you’ll need
  • 3–5+ years of experience in information security, data protection, or compliance roles — ideally in a B2B software or SaaS environment.
  • Working knowledge of GDPR and Swiss FADP, including hands-on experience with ROPAs, DPAs, DSR handling, and data transfer mechanisms (SCCs, adequacy decisions).
  • Familiarity with security frameworks and controls: ISO 27001, SOC 2, or similar — you don't need to have led a certification, but you should understand the requirements.
  • Ability to build and maintain a risk register and drive risk mitigation across teams.
  • Strong written and verbal communication in English (working language). German is a significant plus for Swiss regulatory context and local vendor interactions.
  • Pragmatic and structured: you can prioritize what matters in a 50-person company, not gold-plate processes designed for 5,000.
  • Comfortable working independently — this is a one-person function with leadership support, not a large team.

Benefits

Comp & perks
  • 30 vacation days - yep, you read that right - you can take them whenever you need them.
  • Flexibility: we have flexible working hours.
  • Need a long break? We offer sabbatical leave to employees who’ve been with us for over two years.
  • 16 weeks parental leave - 100% of your salary - for all new parents.
  • Don’t leave your four-legged friends at home; our Zurich office is pet-friendly.
  • A well-being budget of up to 2,000 CHF every year that can be used for training and development (plus days off for courses or training) and for physical and mental well-being purposes.
  • Possibility of a Phantom stock option plan - PSOP (Conditions apply).
  • Hack days to challenge you and your team, plus build amazing things.

ATS Keywords

Hard Skills & Tools
  • GDPR, Swiss FADP, CCPA, ROPA, DPA, DSR, ISO 27001, SOC 2, risk register, security controls
Soft Skills
  • strong written communication, strong verbal communication, pragmatic, structured, independent work
Certifications
  • ISO 27001, SOC 2