Security & Compliance Specialist

Complexio is Foundational AI. This works to automate business activities by ingesting whole company data – both structured and unstructured – and making sense of it. Using proprietary models and algorithms Complexio forms a deep understanding of how humans are interacting and using it. Automation can then replicate and improve these actions independently.

Complexio is a joint venture between Hafnia, in partnership with Marfin Management, C Transport Maritime, Trans Sea Transport and BW Epic Kosan and Símbolo

We are looking for a Security & Compliance Speciallist to own and drive our security and compliance requirements. This role is hands-on and strategic, balancing day-to-day operations with long-term initiatives to ensure our organisation remains secure, resilient, and compliant. You will work closely with engineering, product, and leadership teams to embed security into everything we do, while also representing our security and compliance posture to customers, partners, and auditors.

Requirements

• Security Governance & Compliance
• Lead the company’s efforts to achieve and maintain ISO 27001 (and other frameworks as needed, e.g., SOC 2, EU AI Act readiness).
• Establish, document, and evolve security and compliance policies, ensuring they meet company needs and regulatory requirements.
• Drive security and compliance initiatives across business functions, engaging senior stakeholders.
• Monitor changes in relevant compliance frameworks (e.g., CIS Benchmarks, EU AI Act, GDPR) and adapt processes accordingly.

Operational Security

• Oversee day-to-day security operations, including vulnerability management, access reviews, and incident response readiness.
• Provide insights and triage signals from security tooling (SAST, DAST, dependency scanning, SIEM).
• Work hands-on to perform internal security assessments or penetration testing.
• Manage relationships with external pentest providers, auditors, and assessors.
• Secure Development Lifecycle (SDLC)
• Partner with engineering teams to embed security in the SDLC and DevSecOps practices.
• Advise and guide on secure coding practices, threat modeling, and architectural reviews.
• Instrument automated tooling for CI/CD pipelines to improve visibility of security signals and enforcement.
• Customer & External Engagement
• Represent the company’s security, privacy, and data protection posture in customer and partner discussions.
• Provide clear and confident explanations of controls, certifications, and processes during due diligence.
• Contribute to security documentation for customer-facing materials.
• Risk Management & Strategy
• Perform regular risk assessments and maintain the company’s risk register.
• Translate technical risks into business context to enable leadership decisions.
• Proactively identify emerging security and compliance risks (including AI-related risks) and propose mitigation strategies.

Qualifications

• Proven experience in a security engineering, compliance, or security leadership role.
• Strong understanding of security standards and frameworks (ISO 27001, SOC 2, CIS, NIST, GDPR, EU AI Act).
• Hands-on technical skills in areas such as penetration testing, application security, or infrastructure hardening.
• Familiarity with modern software development practices, DevSecOps, and cloud-native architectures (preferably Python eco-system, Kubernetes and Azure/AWS/GCP).
• Excellent communication skills with the ability to influence stakeholders and explain security to both technical and non-technical audiences.
• Experience working with auditors, external assessors, and customer security teams.

Nice-To-Have

• Prior experience building security functions in a fast-growing SaaS or AI/ML-driven company.
• Knowledge of AI-specific compliance and risk frameworks (NIST AI RMF, EU AI Act).

Benefits

• Join a pioneering joint venture at the intersection of AI and industry transformation.
• Work with a diverse and collaborative team of experts from various disciplines.
• Opportunity for professional growth and continuous learning in a dynamic field.