← Toutes les offres

IT Security & Compliance Lead

VIA HealthTech · Berlin
CDD arbeitnow
IT Security
Postuler sur arbeitnow
VIA HealthTech automates psychotherapy documentation — from session notes to psychological reports — so therapists spend less time on admin and more time with patients.
We work at the intersection of mental healthcare, AI, and software. Security is central to what we build: we process highly sensitive data and already hold C5 and ISO27001 certification.
Tasks
We are looking for a hands-on IT Security & Compliance Lead to own security and compliance end-to-end at VIA.
This is a broad role in a small team. You will not only define policies — you will implement systems, configure tools, improve cloud and product security, run audits, and work directly with engineering to make security a practical part of how we build.
Your goal is to make VIA more secure while helping the team move faster, not slower.
What you’ll do

Own internal IT security end-to-end: devices, access management, 2FA, endpoint protection, policies, onboarding and offboarding
Professionalize and operate our internal IT setup
Own IT Compliance (ISO27001 and C5), including audits, evidence management, policies, risk management, corrective actions, auditor communication, and internal training
Improve cloud security across infrastructure, access control, encryption, logging, monitoring, and operational processes
Work closely with engineering on product security across web, desktop, mobile, backend, and AI-related systems
Help embed security into the development lifecycle without creating unnecessary overhead
Coordinate external security work such as penetration tests, security reviews, and vendor assessments where needed
Identify security gaps, prioritize what matters, and implement pragmatic improvements

Requirements
Required:

Strong hands-on experience in IT Security, Information Security, Cloud Security, or a closely related field
Practical experience securing cloud-based software products and internal IT environments
Solid understanding of IAM, endpoint security, device management, encryption, logging, access control, and incident response
Experience with ISO27001 and/or C5, ideally including audit ownership or major audit involvement
Ability to work directly with engineering teams on technical security topics
Strong operational ownership: you see what needs to be done and make it happen
Pragmatic judgment: you know how to raise the security bar without blocking a fast-moving team
Clear communication and comfort working in an async-first startup environment

Nice to have:

Experience in healthcare, regulated environments, or companies handling highly sensitive data
Experience with application security, secure SDLC, threat modeling, or vulnerability management
Experience with desktop app, mobile app, or AI security
Experience setting up or improving security processes in an early-stage or fast-growing company

What matters beyond the checklist
We are a 10-person startup. This role requires breadth, ownership, and hands-on execution.
You should be comfortable moving between strategic questions and operational details: one day improving cloud security architecture, another day tightening access policies, preparing audit evidence, reviewing product security, or configuring internal IT tools.
We are not looking for someone who only writes policies. We are looking for someone who builds and operates the security foundation VIA needs as it scales.
Benefits

Office in Berlin Mitte, flexible hours
Direct access to founders, CTO, and the full multidisciplinary team
Broad ownership over a core company function
Equity participation
No micromanagement — results over hours logged
Work at the intersection of AI, healthcare, software, and security

Find more English Speaking Jobs in Germany on Arbeitnow