IT Security & Compliance Lead
VIA HealthTech
Berlin, Germany • Vollzeit
Bewerben Sie sich als Erste/r!
- Erfahrung
- Beliebig
- Gehalt
- —
- Stellenangebote
- 1
- Veröffentlicht
- vor 1 Stunde
- Arbeitsmodus
- Im Büro
- Wieder aufnehmen
- Bewerbung erforderlich
Wo Sie arbeiten werden
Stellenbeschreibung
VIA HealthTech automates psychotherapy documentation — from session notes to psychological reports — so therapists spend less time on admin and more time with patients.
We work at the intersection of mental healthcare, AI, and software. Security is central to what we build: we process highly sensitive data and already hold C5 and ISO27001 certification.
TasksWe are looking for a hands-on IT Security & Compliance Lead to own security and compliance end-to-end at VIA.
This is a broad role in a small team. You will not only define policies — you will implement systems, configure tools, improve cloud and product security, run audits, and work directly with engineering to make security a practical part of how we build.
Your goal is to make VIA more secure while helping the team move faster, not slower.
What you’ll do
- Own internal IT security end-to-end: devices, access management, 2FA, endpoint protection, policies, onboarding and offboarding
- Professionalize and operate our internal IT setup
- Own IT Compliance (ISO27001 and C5), including audits, evidence management, policies, risk management, corrective actions, auditor communication, and internal training
- Improve cloud security across infrastructure, access control, encryption, logging, monitoring, and operational processes
- Work closely with engineering on product security across web, desktop, mobile, backend, and AI-related systems
- Help embed security into the development lifecycle without creating unnecessary overhead
- Coordinate external security work such as penetration tests, security reviews, and vendor assessments where needed
- Identify security gaps, prioritize what matters, and implement pragmatic improvements
Required:
- Strong hands-on experience in IT Security, Information Security, Cloud Security, or a closely related field
- Practical experience securing cloud-based software products and internal IT environments
- Solid understanding of IAM, endpoint security, device management, encryption, logging, access control, and incident response
- Experience with ISO27001 and/or C5, ideally including audit ownership or major audit involvement
- Ability to work directly with engineering teams on technical security topics
- Strong operational ownership: you see what needs to be done and make it happen
- Pragmatic judgment: you know how to raise the security bar without blocking a fast-moving team
- Clear communication and comfort working in an async-first startup environment
Nice to have:
- Experience in healthcare, regulated environments, or companies handling highly sensitive data
- Experience with application security, secure SDLC, threat modeling, or vulnerability management
- Experience with desktop app, mobile app, or AI security
- Experience setting up or improving security processes in an early-stage or fast-growing company
What matters beyond the checklist
We are a 10-person startup. This role requires breadth, ownership, and hands-on execution.
You should be comfortable moving between strategic questions and operational details: one day improving cloud security architecture, another day tightening access policies, preparing audit evidence, reviewing product security, or configuring internal IT tools.
We are not looking for someone who only writes policies. We are looking for someone who builds and operates the security foundation VIA needs as it scales.
Benefits- Office in Berlin Mitte, flexible hours
- Direct access to founders, CTO, and the full multidisciplinary team
- Broad ownership over a core company function
- Equity participation
- No micromanagement — results over hours logged
- Work at the intersection of AI, healthcare, software, and security