
Job Overview
Location: Zürich
Job Type: Full-time
Category: Human Resources
Date Posted: May 4, 2026
Full Job Description
📋 Description
- As the Information Security & Compliance Officer at Pdftools, you will own and drive the company's compliance and security program from an early-stage foundation to a structured, auditable framework, ensuring trust and integrity in how the company handles sensitive data for enterprise customers across regulated industries.
- Your day-to-day will involve owning and maintaining the Register of Processing Activities (ROPA), managing data subject request workflows, ensuring GDPR and Swiss FADP compliance, maintaining vendor DPAs, owning Technical and Organizational Measures (TOMs) documentation, driving security control formalization, coordinating penetration testing, maintaining the risk register, tracking emerging regulations like AI Act and DORA, preparing for ISO 27001 or SOC 2 certification, responding to customer compliance questionnaires, and supporting sales with compliance documentation.
- You will join a Swiss-built, quality-obsessed B2B software company with over 30 years of experience in PDF processing SDKs, conversion services, and document workflow solutions, serving enterprise customers in financial services, government, and healthcare, where data security and compliance are increasingly decisive.
- In this role, you will close existing compliance gaps, build repeatable processes, represent the company's security and compliance posture to customers and auditors, and evolve the program from reactive gap-closing to a sustained, professional framework, gaining deep expertise in global data protection regulations and security standards while making a tangible impact on trust-critical workflows used by over 30 million people monthly.
🎯 Requirements
- 3–5+ years of experience in information security, data protection, or compliance roles — ideally in a B2B software or SaaS environment
- Working knowledge of GDPR and Swiss FADP, including hands-on experience with ROPAs, DPAs, DSR handling, and data transfer mechanisms (SCCs, adequacy decisions)
- Familiarity with security frameworks and controls: ISO 27001, SOC 2, or similar — you don't need to have led a certification, but you should understand the requirements
- Ability to build and maintain a risk register and drive risk mitigation across teams
- Strong written and verbal communication in English (working language). German is a significant plus for Swiss regulatory context and local vendor interactions
- Pragmatic and structured: you can prioritize what matters in a 50-person company, not gold-plate processes designed for 5,000
- Comfortable working independently — this is a one-person function with leadership support, not a large team
🏖️ Benefits
- 30 vacation days - you can take them whenever you need them
- Flexibility: we have flexible working hours
- Sabbatical leave for employees who’ve been with us for over two years
- 16 weeks parental leave - 100% of your salary - for all new parents
- Pet-friendly Zurich office
- Well-being budget of up to 2,000 CHF every year for training, development, and physical and mental well-being
- Possibility of a Phantom stock option plan - PSOP (Conditions apply)
- Hack days to challenge you and your team and to build amazing things
About Smallpdf AG
Smallpdf AG provides a web-based platform for PDF management, enabling users to compress, convert, merge, split, edit, sign and secure documents via browser or mobile apps. Founded in Switzerland, the company serves individuals, teams and enterprises worldwide, emphasizing ease of use, GDPR compliance and secure file handling. It offers both free limited access and tiered subscription plans, integrates with Google Drive, Dropbox and OneDrive, and processes millions of files monthly while maintaining ISO 27001-certified infrastructure and 256-bit TLS encryption.
