Information Security Manager

WHO WE ARE
Ovoko is transforming Europe’s €25B+ used car parts market - a massive, fragmented industry still largely offline. We connect 6,000+ scrapyard owners, car parts sellers and dismantlers with millions of buyers through our marketplace, SaaS and logistics platform, making it effortless to trade parts across borders. With over 35 million parts listed, we’ve grown into one of Europe’s fastest-scaling e-commerce companies, but the real opportunity lies ahead, as we build a real category-defining platform worldwide.
ABOUT THE ROLE
We are a fast-growing series B scale-up seeking a pragmatic and experienced Information Security Lead (GRC) to guide us through our next major milestone: ISO 27001 certification.
In this critical role, you will be the bridge between compliance requirements and our strong technical engineering and business operations teams. While you won't need to configure every firewall yourself, you will define the policies that govern them and stay technically hands-on with vulnerability management and tooling. Your mission is to build a sustainable Information Security Management System (ISMS) that supports our rapid growth trajectory without slowing down our operations.
Impact and Growth: This is a foundational role with significant autonomy. You will be our first dedicated security hire, giving you the unique opportunity to define our security culture and architecture from the ground up. As Ovoko scales, we expect the scope of this position to evolve, allowing you to take ownership of broader security initiatives, technical defenses, and the long-term strategic direction of our security operations.

IN THIS ROLE, YOU WILL

• Lead the ISO 27001 Journey: Drive the end-to-end process for achieving ISO 27001 certification by the end of the year, acting as the primary owner of the ISMS.
• Translate Risk to Engineering: Conduct risk assessments and translate "compliance controls" into clear, actionable Jira tickets/backlog items for our IT and Engineering teams.
• Create Pragmatic Policy: Design and maintain essential security policies (Access Control, Incident Management, Business Continuity Policy, Disaster Recovery Plan and others) that are practical for a fast-moving scale-up, ensuring they are not just "shelf-ware."
• Manage Audits & Governance: Act as the main point of contact for external auditors, conduct internal audits, and gather the necessary evidence (logs, tickets, artifacts) to prove compliance.
• Foster Security Culture: Organize security awareness trainings and cooperate closely with other Ovoko employees to ensure security is built into our processes, not bolted on at the end.
• Ensure Compliance: Oversee adherence to industry regulations including GDPR, NIS2, and ISO 27001, ensuring our documentation is constantly updated and audit-ready.

WHAT WE ARE LOOKING FOR

• GRC Experience: 5+ years of experience in Information Security Governance, Risk, and Compliance, with a proven track record of participating in or leading an ISO 27001 implementation.
• Technical Background: Previous experience in IT Operations, System Administration or Network Engineering is highly preferred. You must be able to "speak the language" of our engineers to be effective.
• Strategic Influence: You don't just report risks; you "sell" solutions. You must be able to build strong business cases for security initiatives and get active buy-in from C-level executives and Engineering Managers.
• Bridge-Building Communication: You act as a translator between compliance mandates and technical execution. You can explain complex regulations in plain language to stakeholders and define precise technical requirements for engineers.
• Risk-Based Mindset: You prioritize tasks based on actual risk impact rather than trying to "fix everything at once."
• Communication Skills: Strong ability to translate complex regulations into plain English for stakeholders and technical requirements for engineers.
• Certifications: Professional certifications such as CISM, CISA, CISSP, or ISO 27001 Lead Implementer/Auditor are a strong plus.
• Fluency in English: Excellent at communicating in spoken and written.

SALARY
The offered salary range for this position starts from 5000 € (gross) per month. Please keep in mind that we are also open to discuss your salary expectations based on your competencies and experience.
PERKS AND BENEFITS
• Learning budget for your personal and professional growth• Private health insurance• Employee stock option plan• Work from anywhere in the world for up to 30 days per year• Close collaboration with ambitious colleagues & a real opportunity to shape the “big picture”• Top-notch hardware and software (MacOS or Windows to choose from)• Flexible working hours & remote work opportunities• Pet-friendly office with collaborative spaces, chill zones, our own gym & a kitchen full of snacks and drinks
Discover all our perks by visiting our website: https://about.ovoko.com/career/#perks