Join one of Berlin’s fastest-growing [SaaS/Fintech] startups as we scale our global footprint.
We aren't looking for a "paperwork officer"—we need a technical engineer who views compliance as a product feature.
In this role, you’ll be part of a flat hierarchy where your code protects our customers and our reputation.
You’ll help us move beyond "point-in-time" audits to a state of Continuous Compliance, ensuring our cloud infrastructure is secure by design and compliant by default.
Location: Berlin (Kreuzberg/Mitte) / Hybrid
Language: English (Working language), German is a plus.
Tasks
Compliance-as-Code: Build and maintain automated evidence-collection pipelines to satisfy ISO 27001, SOC2 Type II, and the EU AI Act.
Cloud Guardrails: Implement automated security policies in AWS/GCP using Terraform or CloudFormation to prevent compliance drift.
Audit Orchestration: Act as the technical lead for external audits, using automation to reduce manual "screenshotting" and spreadsheet management.
Vulnerability Management: Work closely with the DevOps team to prioritize and remediate technical risks found in CI/CD pipelines.
Third-Party Risk Tech: Evaluate the security posture of our tech vendors using automated assessment tools rather than just static questionnaires.
You should be comfortable with Python or Go for automation and have deep knowledge of Kubernetes and Cloud Security (AWS/Azure).
The Regulatory Lens: Hands-on experience with European frameworks (GDPR, NIS2) and a strong understanding of international standards (ISO/SOC2).
The "Startup" Mindset: You prefer building a tool to solve a problem rather than writing a 50-page manual.
You thrive in fast-paced environments where things change weekly.
Communication: Ability to explain the "why" behind a security control to a Product Manager and the "how" to a Senior Developer.