We’re looking for an Information Security Compliance Manager (ISO 27001 / GDPR / HIPAA) with 3–5 years of experience to take ownership of our certified ISO/IEC 27001 ISMS and our privacy program in a health-data SaaS environment.
Requirements
- 3–5 years of experience in information security compliance / ISMS / GRC in a tech or SaaS environment
- Hands-on ownership of an ISO/IEC 27001 ISMS in a certified organization, including operating cadences (risk, SoA, control reviews, metrics, continual improvement)
- Audit experience you can point to: participation/leadership in external audits (surveillance/recertification) and successful closure of findings
- Practical GDPR operations experience (e.g., RoPA, DPIAs, vendor/subprocessor governance, DSAR coordination, incident/breach support)
- Comfort working in environments processing health data / special categories of data, and ability to operationalize privacy and security expectations (HIPAA exposure is a plus)
- Solid technical foundation to collaborate with Engineering on controls and evidence (IAM/SSO/MFA/RBAC, logging/audit trails, vulnerability and patch management, change management, cloud/SaaS fundamentals)
- Excellent English communication skills (written and verbal); German is a plus
Benefits
- Competitive compensation, including above-market salaries for exceptional talent
- Flexible working hours
- Unlimited vacation
- Staying healthy is a top priority