Role Description SmartRecruiters is looking for a Senior Information Security Engineer to join the Governance, Risk & Compliance (GRC) team. This role is critical to ensuring that SmartRecruiters' applications, systems, and processes remain compliant with industry standards and regulatory requirements, including: - ISO 27001 - ISO 22301 - ISO 42001 - SOC 2 Type II - Cyber Essentials - GDPR - EU AI Act The successful candidate will combine strong GRC expertise with a technical, engineering mindset, driving compliance programmes across multiple frameworks while also addressing complex technical topics such as: - Business continuity - AI security - Cloud compliance This is not a purely audit-focused role; we need someone who can: - Assess security architectures - Support forensic investigations - Build automation to replace manual processes - Provide hands-on guidance to engineering and security teams - Identify opportunities to engineer scalable, repeatable solutions Qualifications - 5+ years of experience in information security, governance, risk, and/or compliance roles with a technical orientation - Demonstrated compliance or auditing experience with at least one major framework - Solid understanding of controls auditing principles and evidence management - Knowledge of risk management methodologies and experience conducting or supporting risk assessments - Ability to manage and deliver on multiple complex projects simultaneously, with minimal supervision - The ability to investigate, question, and interpret internal and external IT security and compliance issues at both a governance and technical level - A strong understanding of technology, cloud-based products, and SaaS environments - Experience working across business units and geographical boundaries to engage engineering, business, and operational teams - Experience with ISO 27001 - Excellent written and verbal communication skills in English Requirements - Professional certifications such as CISA, CRISC, CISM, CISSP, CCSK, CCSP, or equivalent - Experience with ISO 9001, 27017, and 27018 - Experience with ISO 22301 (Business Continuity), including BIA, BCP/DRP, and recovery testing - Experience with BSI C5 (Cloud Computing Compliance Criteria Catalogue) or similar cloud-specific compliance frameworks - Knowledge of AI security principles, experience with ISO 42001, or familiarity with the EU AI Act and its technical requirements - Technical understanding of cloud infrastructure (AWS preferred), networking fundamentals, identity management, and SaaS security architectures - Experience with enterprise risk management frameworks and tools - Understanding of threat modelling methodologies and secure development lifecycle (SDLC) principles - Hands-on experience with incident response, including participation in security incident investigations, containment, and post-mortem processes Benefits - Remote-friendly culture - Competitive salaries - Strong internal mobility - Meaningful growth opportunities - Environment built on respect and empowerment Company Description SmartRecruiters is the Recruiting AI Company that transforms hiring for the world’s leading enterprises. Built for global scale, SmartRecruiters, an SAP company, delivers an AI-powered hiring platform that automates and optimizes the entire talent acquisition process, ensuring faster and smarter hiring decisions. More than 4,000 companies, including Amazon, Visa, and McDonald's, rely on SmartRecruiters to build winning teams. Recognized by Fosway Industry Analysts as a strategic leader in recruitment technology for three consecutive years, and awarded by Comparably as a top company for Women, Perks and Benefits, Work-Life Balance, Happiness, Compensation, Diversity, and Culture - we take pride in creating a place where everyone can thrive.

• Track engineering output, tool releases, research papers, conference talks, milestones — and make sure each gets coverage. • Work through the existing backlog of shipped tools and research that never got written up publicly. • Create case studies, briefs, blog drafts, and marketing assets that work for both technical and business audiences. • Partner with Technical Editing on content pipelines, especially around report publications and blog production, and provide additional writing capacity when the team needs it. • Own the content calendar across practices. Coordinate publishing schedules so coverage is steady and nothing falls through the cracks. • Own social media across X, LinkedIn, and Bluesky. Maintain a consistent publishing cadence, engage with the community, and grow our audience. • Manage Trail of Bits’ presence at industry events and relevant conferences. • Plan and run multi-channel campaigns (social, email, webinars, conference activations) that drive pipeline. • Improve upon existing baselines, track performance, and create a reporting rhythm so the team knows what’s working and where we should continue investing.

• The Senior Corporate Security Engineer role is responsible for designing, building and operating the technical security systems and controls that protect Charlie Health’s corporate environment, workforce systems, endpoints, SaaS platforms, cloud-connected services and internal operations. • Engineer scalable security solutions for identity, endpoints, SaaS platforms, cloud-connected services, collaboration tools and internal systems • Partner with IT Engineering to embed secure-by-design practices into enterprise systems, integrations and infrastructure • Establish control patterns that improve security posture, operational efficiency, auditability and resilience • Design and improve identity and access controls across workforce systems, SaaS applications and privileged access workflows • Implement and mature controls for MFA, conditional access, device trust, role-based access, least privilege, service accounts and lifecycle automation • Help advance Charlie Health’s Zero Trust strategy through identity-centric control design, continuous verification and measurable trust signals • Engineer and improve security controls across Mac, Windows, mobile and BYOD environments • Support investigation and response for identity, endpoint, SaaS, email, cloud, data exposure and corporate security events

• Network security engineer for operational support • Help take the security to the next level in a proactive stance • Work on federal IT infrastructure • Collaborate with identity, cybersecurity, and network operations teams