IT & ISO Compliance Manager (m/w/d) Full remote

findIQ is currently preparing for ISO 27001 certification and is looking for a driven and detail-oriented professional to actively support and shape this journey. In this initial phase, the focus will be on building, implementing, and formalizing our information security management system to ensure audit readiness.

Following the successful establishment of ISO 27001 structures, the role will gradually evolve into a broader IT Manager position. You will take on increasing responsibility for our IT landscape, business systems, and their continuous improvement, acting as a central interface between technical and business teams.

Your responsibilities:

• Lead the end-to-end ISO 27001 certification process, including scoping, gap analysis, implementation, and audit preparation
• Design, document, and implement the Information Security Management System (ISMS) in line with ISO 27001 requirements
• Conduct and manage internal risk assessments, risk treatment plans, and Statement of Applicability (SoA)
• Monitor regulatory and compliance landscape to ensure ongoing alignment with ISO 27001 and relevant data protection requirements (e.g., GDPR)
• Maintain certification status through periodic surveillance and recertification audits
• Define Business Continuity and Disaster Recovery (BC/DR) policies and procedures
• Manage and administer corporate IT systems, including user provisioning, access management, and device management (Jamf pro platform) 
• Own identity and access management (IAM) — including onboarding and offboarding workflows, SSO, and MFA setup
• Administer and maintain cloud environments, SaaS tools, and internal infrastructure (Microsoft 365 & Microsoft Azure Ecosystem like Microsoft Entra ID, Conditional Access, MS Defender, etc.)
• Provide IT support and troubleshooting for internal team members
• Establish and enforce data classification, handling, and retention policies
• Manage backup and recovery systems, ensuring data integrity and availability
• Evaluate, research and implement new IT tools and technologies as the organization scales
• Assist the Head of Operations in documenting tools, processes, and workflows across business systems

• 3+ years of experience in IT administration, IT security, or information security management roles
• Experience writing shell scripts (Bash and PowerShell) 
• Proven experience leading or actively participating in an ISO 27001 certification project (hands-on ISMS implementation)
• Solid understanding of ISO/IEC 27001 standard, controls, and audit requirements
• Experience with risk assessment methodologies and security policy development
• Proficiency with Microsoft 365 and the Microsoft Azure platform (esp. Microsoft Entra ID)
• Strong knowledge of IAM, endpoint management, and network security fundamentals
• Excellent documentation and technical writing skills
• Strong communication skills in English (German is a plus)

• ISO 27001 Lead Implementer or Lead Auditor certification
• CISSP, CISM, CompTIA Security+, or equivalent certifications
• Experience with GDPR compliance in a B2B SaaS environment
• Familiarity with SOC 2 or other security frameworks
• Understanding of web-based APIs (like REST-APIs)
• Background in a fast-growing startup or scale-up environment
• Knowledge of DevSecOps practices and secure software development lifecycle (SDLC)