IT & ISO Compliance Manager (m/w/d) Full remote

is a tech startup based in the industrial region of Ostwestfalen-Lippe in North Rhine-Westphalia, Germany. We are on a mission to lead the generational shift in the service of industrial machinery and equipment. To achieve this, we are building the first AI-powered knowledge platform that enables companies – from medium-sized machine manufacturers to global enterprises – to pass on the expertise of today’s service specialists to the next generation. We launched in early 2022 in our home region and have been growing rapidly on an international scale ever since. findIQ is currently preparing for ISO 27001 certification and is looking for a driven and detail-oriented professional to actively support and shape this journey. In this initial phase, the focus will be on building, implementing, and formalizing our information security management system to ensure audit readiness. Following the successful establishment of ISO 27001 structures, the role will gradually evolve into a broader IT Manager position. You will take on increasing responsibility for our IT landscape, business systems, and their continuous improvement, acting as a central interface between technical and business teams. Your responsibilities: Lead the end-to-end ISO 27001 certification process, including scoping, gap analysis, implementation, and audit preparation Design, document, and implement the Information Security Management System (ISMS) in line with ISO 27001 requirements Conduct and manage internal risk assessments, risk treatment plans, and Statement of Applicability (SoA) Monitor regulatory and compliance landscape to ensure ongoing alignment with ISO 27001 and relevant data protection requirements (e.g., GDPR) Maintain certification status through periodic surveillance and recertification audits Define Business Continuity and Disaster Recovery (BC/DR) policies and procedures Manage and administer corporate IT systems, including user provisioning, access management, and device management (Jamf pro platform) Own identity and access management (IAM) — including onboarding and offboarding workflows, SSO, and MFA setup Administer and maintain cloud environments, SaaS tools, and internal infrastructure (Microsoft 365 & Microsoft Azure Ecosystem like Microsoft Entra ID, Conditional Access, MS Defender, etc.) Provide IT support and troubleshooting for internal team members Establish and enforce data classification, handling, and retention policies Manage backup and recovery systems, ensuring data integrity and availability Evaluate, research and implement new IT tools and technologies as the organization scales Assist the Head of Operations in documenting tools, processes, and workflows across business systems 3+ years of experience in IT administration, IT security, or information security management roles Experience writing shell scripts (Bash and PowerShell) Proven experience leading or actively participating in an ISO 27001 certification project (hands-on ISMS implementation) Solid understanding of ISO/IEC 27001 standard, controls, and audit requirements Experience with risk assessment methodologies and security policy development Proficiency with Microsoft 365 and the Microsoft Azure platform (esp. Microsoft Entra ID) Strong knowledge of IAM, endpoint management, and network security fundamentals Excellent documentation and technical writing skills Strong communication skills in English (German is a plus) Nice to Have ISO 27001 Lead Implementer or Lead Auditor certification CISSP, CISM, CompTIA Security+, or equivalent certifications Experience with GDPR compliance in a B2B SaaS environment Familiarity with SOC 2 or other security frameworks Understanding of web-based APIs (like REST-APIs) Background in a fast-growing startup or scale-up environment Knowledge of DevSecOps practices and secure software development lifecycle (SDLC) An attractive salary: We offer fair compensation with performance-based components. Trust: We give you what you need to become the best version of yourself. Flexible working: We offer a hybrid model combining fixed office days with remote work. A strong team: We work openly, appreciatively, and with genuine joy in what we are building together. Individual development: We give you the chance to grow professionally and personally – including through paid training, coaching, and personal learning time. Startup insights: You can expect close collaboration with and insights into the work of the founding team. Additional benefits: Up to 1 month of “work from anywhere” (in an EU country). Workations and regular team events. Educational leave (voluntary). 30 days of vacation. Office pets (welcome by arrangement). Charging stations for electric cars (at the Herford location). Subsidies for further training and mobility. Family-friendly working hours. Diversity in action – be yourself. We are too. Then apply online now with your resume and relevant references. Do you have any questions? Feel free to contact Senada directly at [email protected] . This position isn't quite right for you? We look forward to receiving your unsolicited application! findIQ is an innovative and fast-growing technology company from Germany that sees itself as a quality leader in knowledge transfer in machine service. With a novel approach, findIQ succeeds in preserving the experiential knowledge of service technicians and processing it intelligently to support the future generation of service providers - quickly, scalably, and with an eye to the future. Join our team and help us shape the digital transformation of the industry!