Responsibilities:
Maintain and evolve ROOTKey's compliance framework across DORA, NIS2 and GDPR for European clients
Lead SOC2 and ISO27001 certification and audit processes to meet US and enterprise buyer requirements
Partner with Sales to support due diligence, security questionnaires, and RFPs across EU, MENA and US deals
Work with Engineering to translate regulatory and certification requirements into product and infrastructure controls
Monitor the evolving regulatory landscape across ROOTKey's target markets and advise leadership accordingly
Own internal policies, training, and audit-readiness documentation

Qualifications:
3-5+ years of experience in compliance, GRC, or information security within a regulated or B2B SaaS environment
Hands-on experience with DORA, NIS2, and/or GDPR
Experience leading or supporting SOC2 and/or ISO27001 certification processes
Ability to translate regulatory language into clear, actionable guidance for Sales, Product and Engineering
Comfortable operating in a fast-moving, cross-border scaleup environment

Additional Information:
ROOTKey is a startup/scaleup - you'll build the compliance function, not just maintain one
Hardware and home-office budget
10 flexible remote working days per month, to use as you see fit
A paid day off on your birthday

Why ROOTKey:
You'd be building on infrastructure that already runs at a 99.9% uptime SLA with a sub-4-hour recovery window, trusted by regulated organizations to make their compliance evidence defensible. The mission is simple to state and hard to execute: make trust verifiable, not implicit.