Security Compliance Analyst

Product, Technology & Design
Full Time
Munich, Berlin

Personio's intelligent HR platform helps small and medium-sized organizations unlock the power of people by making complicated, time-consuming tasks simple and efficient. Our team of 1,500 Personios is building user-friendly products that delight our 15,000+ customers and their 1.5 million employees. Ready to make an impact from day one?

The Role:

This role requires 2 days per month in the office and is based in Munich or Berlin.

Join us to shape the future of software in the underserved and high-impact HR technology industry. Your work will have a direct and tangible impact on customers, offering ownership and the chance to make a meaningful difference. As we prepare for significant growth, you’ll face exciting challenges and have the opportunity to influence our path toward becoming one of the world’s leading tech companies.

Security is a first-class priority at Personio. As a Security Compliance Analyst, you will be a key contributor within our Security organization, supporting and extending the work with our Security Compliance Manager to protect the trust our customers and partners place in us. You will lead our technical risk management program, drive internal IT audit activity and support our external audits, and play a hands-on role in maintaining our current certifications - BSI C5, ISO 27001, and ISO 27017 - while helping to expand our compliance portfolio with new attestations such as SOC 1 and SOC 2. You will work cross-functionally across Engineering, IT, Legal, and HR, translating complex compliance and risk requirements into clear, actionable programs that scale with Personio’s growth.

What You'll Do:

  • Lead technical risk management - maintain and evolve the technical risk register, facilitate recurring risk review cycles with risk owners, and drive risk remediation using Hyperproof as the primary GRC platform.

  • Drive internal IT audit activity - draft and conduct internal audit plans, manage findings through to resolution, and maintain a repository of audit evidence and corrective action plans.

  • Partner with our Security Compliance Manager - support and continuously improve Personio’s Information Security Management System, aligned with ISO/IEC 27001:2022 and ISO/IEC 27017:2015. You will contribute to achieving new attestations (e.g. SOC 1, SOC 2) by coordinating evidence collection, managing control gaps, and interfacing with external auditors.

  • Drive compliance reporting - produce regular risk snapshots and audit status updates tailored for a range of stakeholders, from engineering teams to senior leadership, ensuring transparency across the organization.

  • Coordinate with stakeholders across the business - partner with teams in Engineering, IT, Legal, and HR to identify control gaps, support audit readiness, and ensure compliance documentation (policies, ISMS, SoA) is current and accurate.

  • Apply AI and modern tooling to scale GRC work - leverage LLMs and automation to accelerate tasks such as cross-standard control mapping, evidence correlation, and compliance gap analysis.

What You Need To Succeed:

  • 3–5 years of experience in a GRC, information security, or IT risk role, with demonstrated ownership of risk management processes - including risk identification, classification, and driving remediation with risk owners.

  • Hands-on familiarity with ISO 27001 and at least one other recognized framework (e.g. SOC 2, NIST) - including practical experience supporting audits, managing evidence, and working with control requirements. Experience with German frameworks, e.g. TISAX and BSI C5, is an additional nice-to-have.

  • Audit experience - able to independently draft and execute internal audit plans, document findings, and track corrective actions through to closure.

  • Strong stakeholder management skills - comfortable presenting GRC work to both technical and non-technical audiences, coordinating across multiple teams, and driving compliance activities without direct authority.

  • Comfort with AI and LLM tooling - experience using language models to support compliance work (e.g. mapping controls across frameworks, drafting policies, summarizing audit findings) and an appetite to expand this capability.

  • Clear written and verbal communication in English - able to translate compliance and risk concepts into clear reporting and documentation for a wide range of stakeholders.

Why Personio?

Personio is an equal opportunities employer, committed to building an integrative culture where everyone feels welcomed and supported. We embrace uniqueness and understand that our diverse, values-driven culture makes us stronger. We are proud to have an inclusive workplace environment that will foster your development no matter your gender, civil status, family status, sexual orientation, religion, age, disability, education level, or race.

At Personio, we value in-person collaboration while also offering flexibility. This role is office-based, with 2 days per month required in your contracted office location. The remaining days can be worked from home or in the office if you prefer. In addition, you’ll have 20 Flex Days per year to work remotely from other locations.

Aside from our people, culture, and mission, check out some of the other benefits that make Personio a great place to work:

  • Receive a competitive reward package – reevaluated each year – that includes salary, benefits, and pre-IPO equity

  • Enjoy 28 days of paid vacation, plus an additional day after 2 and 4 years

  • Make an impact on the environment and society with 1 (fully paid) Impact Day

  • Receive generous family leave, child support, mental health support, and sabbatical opportunities

  • We enjoy gathering for meals, cultural initiatives, and events like local Summer Sessions and year-end celebrations. There are also healthy snacks, drinks, and a weekly catered lunch.
