Senior Information Security Specialist

3 579 - 5 382 USD gross per month - Permanent

Security
Full-time
Senior
Remote

Job description

Company Description

🚀 SmartRecruiters transforms hiring for the world’s leading enterprises. We deliver an AI-powered hiring platform built for global scale, automating and optimizing the entire talent acquisition process. More than 4,000 companies, including LinkedIn, McDonald's, VISA, CD Projekt Red, and Allegro, rely on SmartRecruiters to build winning teams.

🚀 In 2025, SmartRecruiters joined SAP, the global leader in enterprise applications. Together, we are accelerating the reinvention of hiring by combining AI innovation with the scale and resources of SAP’s ecosystem.

We designed our R&D structure based on the empowered product teams model. It means our teams are responsible for business outcomes and have autonomy in solving problems in the way that “customers love yet work for the business” (yes, we are heavily influenced by this and that).

Job Description

SmartRecruiters is looking for a Senior Information Security Specialist to join the Governance, Risk & Compliance (GRC) team. This role is critical to ensuring that SmartRecruiters' applications, systems, and processes remain compliant with industry standards and regulatory requirements, including ISO 27001, ISO 22301, ISO 42001, SOC 2 Type II, Cyber Essentials, GDPR, and the EU AI Act.

The successful candidate will combine strong GRC expertise with a technical, engineering mindset - someone who can drive compliance programmes across multiple frameworks while also stepping into complex technical topics such as business continuity, AI security, and cloud compliance. Critically, this is not a purely audit-focused role; we need someone who can dig into technical details, assess security architectures, support forensic investigations, build automation to replace manual processes, and provide hands-on guidance to engineering and security teams. A core part of this role is identifying opportunities to engineer scalable, repeatable solutions, from compliance evidence collection to policy enforcement, rather than relying on manual effort.

At SmartRecruiters, you’ll be part of a global, high-impact team shaping how people connect with jobs.

Responsibilities

Governance, Risk & Compliance

  • Identify manual, repetitive GRC processes and design automation blueprints to streamline them, including evidence collection, control monitoring, access reviews, policy enforcement checks, and compliance reporting

  • Build and maintain automated workflows using compliance platforms, scripting, or integration tools to reduce manual effort and improve audit-readiness

  • Develop reusable templates, playbooks, and standardised blueprints for recurring GRC activities (e.g., vendor assessments, internal audits, risk reviews) to ensure consistency and scalability.

  • Collaborate with engineering and IT teams to integrate security and compliance checks into existing toolchains and CI/CD pipelines where applicable

  • Continuously evaluate and improve GRC tooling, data flows, and reporting to drive operational efficiency across the team

  • Manage stakeholder expectations and partner with internal teams to ensure effective management of IT risks and compliance obligations

  • Maintain regional and local stakeholder relationships, meeting schedules, minutes, and reports.

  • Support the maintenance of the SOC 2 Type II framework, including evidence collection, control testing coordination, and audit support

  • Effectively manage ISO 27001 and ISO 22301 audit lifecycles and coordinate with stakeholders on ISMS and BCMS improvements

  • Support the maintenance and continuous improvement of the ISO 42001 (AI Management System) framework in alignment with the EU AI Act

  • Support vendor risk management activities, including third-party security assessments and due diligence reviews

Business Continuity & ISO 22301

  • Serve as a subject matter expert or key contributor for the Business Continuity Management System (BCMS), supporting the strategy, framework, and audit programme under ISO 22301

  • Support Business Impact Analysis (BIA), BCP/DRP development, recovery exercises, and continuity metrics management

AI Security & Compliance

  • Support AI security and compliance activities, including the assessment of AI-related risks, alignment with ISO 42001 controls, and regulatory readiness under the EU AI Act

  • Collaborate with product and engineering teams to evaluate security controls for AI/ML features and services

Qualifications

  • 5+ years of experience in information security, governance, risk, and/or compliance roles with a technical orientation

  • Demonstrated compliance or auditing experience with at least one major framework

  • Solid understanding of controls auditing principles and evidence management

  • Knowledge of risk management methodologies and experience conducting or supporting risk assessments

  • Ability to manage and deliver on multiple complex projects simultaneously, with minimal supervision

  • The ability to investigate, question, and interpret internal and external IT security and compliance issues at both a governance and technical level

  • A strong understanding of technology, cloud-based products, and SaaS environments

  • Experience working across business units and geographical boundaries to engage engineering, business, and operational teams

  • Experience with ISO 27001

  • Excellent written and verbal communication skills in English

Nice to have

  • Professional certifications such as CISA, CRISC, CISM, CISSP, CCSK, CCSP, or equivalent

  • Experience with ISO 9001, 27017, and 27018 

  • Experience with ISO 22301 (Business Continuity), including BIA, BCP/DRP, and recovery testing

  • Experience with BSI C5 (Cloud Computing Compliance Criteria Catalogue) or similar cloud-specific compliance frameworks

  • Knowledge of AI security principles, experience with ISO 42001, or familiarity with the EU AI Act and its technical requirements

  • Technical understanding of cloud infrastructure (AWS preferred), networking fundamentals, identity management, and SaaS security architectures

  • Experience with enterprise risk management frameworks and tools

  • Understanding of threat modelling methodologies and secure development lifecycle (SDLC) principles

  • Hands-on experience with incident response - including participation in security incident investigations, containment, and post-mortem processes

Benefits

  • We support 100% remote work with Wi-Fi reimbursement and an additional stipend for the equipment (the MacBook laptop is provided by us)

  • Unlimited vacation days (yes - it's really unlimited)

  • Private Medical Care for you and your dependents (Luxmed)

  • Wellness Programme (Multisport Card and even more)

  • Company-wide shutdowns in August and around Christmas

Additional information

SmartRecruiters is proud to be an Equal Employment Opportunity and Affirmative Action employer. We do not discriminate based on race, religion, color, national origin, gender (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics.

Tech stack

    English: C1

    Cloud Infrastructure: advanced

    AI: regular

Office location

Warszawa
5 days left (until 26.06.2026)