Information Security Specialist (m/w/d)

Join to apply for the Information Security Specialist role at Epassi .

Get AI-powered advice on this job and more exclusive features.

Epassi’s purpose is to boost everyday well-being .
We are a leading provider of employee benefit solutions in Finland, Sweden, UK & Ireland, Italy, Germany, and the Netherlands. We were established in Finland in 2007, and in 2008 we were the first company to launch a mobile‑payable employee benefit payment solution in Europe. Since then, we have consistently grown, diversifying our products and introducing our services into new markets. Epassi has been awarded by the Financial Times as one of the fastest-growing companies in Europe on multiple occasions.

Do you want to impact the well-being of millions of users? Join us to make an impact in a fast‑paced and dynamic environment where you’ll play a key role in driving financial accountability, supporting strategic decisions, and enabling sustainable growth.

We are currently hiring an Information Security Specialist to be based in one of our offices in Hamburg or Bremen, Germany (Hybrid work is possible).

Your mission at Epassi

You will make our IT and data processing more secure—for Epassi, our customers, and our partners. In this role you will ensure that systems, applications, and cloud environments are operated securely, compliantly, and reliably, with a particular focus on Microsoft 365, privacy requirements, cloud security, and international regulatory contexts. The role combines strategic work on our information security roadmap with hands‑on implementation, monitoring, and incident response.

Your Responsibilities Will Be

You will lead the continuous development of our information security controls and compliance posture. This includes conducting risk assessments, implementing and documenting technical and organisational controls, participating in audits and regulatory responses, investigating security incidents, guiding secure integrations and projects across international teams, and driving awareness and training activities to improve security culture across the company.

What You’ll Be Doing (daily)

• Conducting security assessments of systems and cloud infrastructure and documenting findings.
• Implementing and refining security controls in Microsoft 365, cloud tenants, and collaborating on secure configuration standards.
• Developing and maintaining information security policies, procedures, and operational runbooks.
• Investigating security incidents, coordinating containment and remediation, and driving post‑incident reviews.
• Participating in internal and external audits and ensuring timely responses to regulator or customer enquiries.
• Delivering awareness sessions and security training for colleagues to increase the organisation’s security maturity.
• Coordinating with internal teams and external service providers (national and international) on integrations and security projects.

What You Should Bring

• 3–6 years of relevant professional experience in IT security, cloud security, or related IT roles (adjustable depending on candidate seniority).
• Bachelor’s degree in Computer Science, Information Security, Engineering, or equivalent practical experience.
• Demonstrable technical experience with Microsoft 365 security, cloud platform security, and incident response.
• Experience working within organisations of comparable size and complexity and collaborating with distributed/international teams.
• Strong sense of ownership, structured and solution‑oriented working style, and team collaboration skills.

Required Technical Skills

• Practical experience securing Microsoft 365 / Microsoft 365 Defender and related identity/services (Azure AD, Intune).
• Hands‑on knowledge of cloud security principles and configuration (Azure and/or AWS).
• Experience performing security assessments, vulnerability management, and remediation tracking.
• Incident detection and response experience (investigation, containment, remediation, lessons learned).
• Familiarity with privacy and data protection requirements in an international context (e.g., GDPR implications for cloud services).
• Ability to develop and maintain information security policies, procedures, and technical documentation.
• Experience with ISO 27001, SOC2, or other formal compliance frameworks and audit processes.

Your Language Profile

• Fluent English (spoken and written) for daily collaboration across international teams and for documentation.
• Proficiency in the local office language(s) (e.g., German) is highly advantageous for internal communication and local compliance tasks.
• Ability to communicate clearly with technical and non‑technical stakeholders.

Your Track Record

• Delivered security improvements in Microsoft 365 and cloud environments (for example, reduced privilege exposures, implemented conditional access, or improved incident handling timelines).
• Led or substantially contributed to audit or compliance activities, producing remediation plans and tracking closure.
• Investigated and resolved security incidents end‑to‑end, with documented lessons learned and process improvements.
• Implemented or improved security policies, controls, or awareness programmes that measurably improved team behaviour or reduced risk.

Your Competency Profile

• Risk‑based decision making: Prioritises security initiatives according to business risk and regulatory requirements, balancing security and operational needs.
• Communication and stakeholder management: Conveys technical issues clearly to leadership and non‑technical teams and secures buy‑in for security measures.
• Collaboration and coaching: Works effectively across teams, provides guidance to colleagues, and supports security awareness.
• Continuous improvement mindset: Seeks process and automation opportunities, drives measurable improvements in controls and monitoring.

Why You Should Join Us

• Be part of an ambitious growth journey and join a global community of driven, bold, entrepreneurial, yet humble Epassians in a company that is constantly evolving.
• Work with a clear purpose — boosting everyday wellbeing — and create a meaningful, positive impact on both individuals and society.
• Thrive in an open and inclusive culture with low hierarchy, where relationships are built on respect, camaraderie, and shared successes and challenges.
• Come as you are — we’ll bring out the best in you and support your personal and professional growth.
• Join a fast‑growing tech company with a strong financial foundation, offering opportunities to grow and make an impact together with us.
• Benefit from an inspiring and supportive work environment where employee wellbeing is a true priority.
• Contribute to solidifying our position as the number one player in Europe’s employee benefit market and help shape the next wave of success.

Seniority level

Mid‑Senior level

Employment type

Full‑time

Job function

Information Technology

Referrals increase your chances of interviewing at Epassi by 2x.

#J-18808-Ljbffr