Information Security Officer

We at Holycode are currently looking for an Information Security Officer to join our team, Carauktion. We are seeking someone who can dedicate themselves full-time for the first 6–12 months, and then transition into a part-time role to provide ongoing support and oversight.

Carauktion was founded in 2004 because of the need of the automotive industry and affiliated industries for an efficient, transparent and profitable vehicle remarketing business.

What began as a vehicle Internet auction platform continued to expand increasingly, because of the high requirements and expectations of the customers. Now Carauktion comprises four independent areas of business which fully cover the successful vehicle remarketing business. It serves as the hub of the profitable vehicle remarketing industry, as a marketplace for supply and demand, as a data supplier of qualitative "business to business" sales figures or as the company's own platform for the issue of licenses.

At the core of their efforts is the professional assumption of your remarketing process. With the various upstream and downstream Services linked to the sales process, Carauktion is the ideal outsourcing partner, concerned not only with professional sales but also able to take the load off your shoulders completely.

About the Role

We are looking for a hands-on Information Security Officer to join our IT/Engineering team. This is an operational role focused on implementing and enforcing security policies, driving ISO 27001 certification, and ensuring compliance with security and data protection standards. You will be responsible for writing policies, executing internal audits, coordinating external assessments, and ensuring security is embedded into day-to-day IT and engineering operations.

What You'll Be Doing

• • Develop, maintain, and enforce information security policies, standards, and procedures
  • Lead and coordinate ISO 27001 implementation, certification, and ongoing compliance
  • Support Swiss DSG / GDPR and other regulatory compliance requirements
  • Conduct internal audits, track remediation, and coordinate external security assessments
  • Monitor compliance with policies across IT, engineering, and business teams
  • Provide guidance and training to employees on information security practices
  • Collaborate with IT and DevOps to ensure secure configuration, access management, and vulnerability management
  • Support incident response processes, including documentation and reporting
  • Maintain documentation and evidence required for audits and certifications

What We're Looking For

• • Proven experience in an operational information security, IT security, or compliance role
  • Hands-on experience with ISO implementation, certification, and audits)
  • Good understanding of GDPR, Swiss DSG and data protection obligations
  • Strong technical foundation in IT systems and infrastructure (identity management, access control, logging, etc.)
  • Excellent documentation and policy writing skills
  • Ability to collaborate with IT, engineering, and business teams to enforce policies
  • Detail-oriented, structured, and proactive approach to compliance
  • Relevant certifications are a plus (ISO 27001 Lead Implementer/Auditor, CISM, CISA, etc.)

Nice to Have

• • Experience working in SaaS or multi-tenant cloud environments (AWS, GCP, Azure)
  • Background in IT operations or system administration
  • Previous experience supporting SOC2, NIST, or similar frameworks
  • German language skills

Why you'll love working here:

• Private health insurance
• Flexible work model – full remote or hybrid
• Equipment of your choice (laptop, monitor, accessories)
• High-growth company with innovative products
• Supportive, international team
• Budget for professional development (courses, books, conferences)
• English and German language lessons during working hours
• Nice office in Belgrade with a stocked kitchen and game area
• Opportunity to learn, grow, and make a real impact

If you are looking for an environment where you can grow professionally, learn from the best in the field, balance work and life habits and have a pleasant and enthusiastic environment, please submit your CV in English.

#LI-hybrid