IT Security & Compliance Lead

VIA HealthTech · Berlin
Arbeitnow

Posted

Jul 06, 2026 (9d ago)

Seniority

Lead

Work Model

Not Specified

Type

Not Specified

Category

Security

Salary

Not specified

Skills

IT Security Less

Description

VIA HealthTech automates psychotherapy documentation — from session notes to psychological reports — so therapists spend less time on admin and more time with patients.

We work at the intersection of mental healthcare, AI, and software. Security is central to what we build: we process highly sensitive data and already hold C5 and ISO27001 certification.

Tasks

We are looking for a hands-on IT Security & Compliance Lead to own security and compliance end-to-end at VIA.

This is a broad role in a small team. You will not only define policies — you will implement systems, configure tools, improve cloud and product security, run audits, and work directly with engineering to make security a practical part of how we build.

Your goal is to make VIA more secure while helping the team move faster, not slower.

What you’ll do

Own internal IT security end-to-end: devices, access management, 2FA, endpoint protection, policies, onboarding and offboarding

Professionalize and operate our internal IT setup

Own IT Compliance (ISO27001 and C5), including audits, evidence management, policies, risk management, corrective actions, auditor communication, and internal training

Improve cloud security across infrastructure, access control, encryption, logging, monitoring, and operational processes

Work closely with engineering on product security across web, desktop, mobile, backend, and AI-related systems

Help embed security into the development lifecycle without creating unnecessary overhead

Coordinate external security work such as penetration tests, security reviews, and vendor assessments where needed

Identify security gaps, prioritize what matters, and implement pragmatic improvements

Requirements

Required:

Strong hands-on experience in IT Security, Information Security, Cloud Security, or a closely related field

Practical experience securing cloud-based software products and internal IT environments

Solid understanding of IAM, endpoint security, device management, encryption, logging, access control, and incident response

Experience with ISO27001 and/or C5, ideally including audit ownership or major audit involvement

Ability to work directly with engineering teams on technical security topics

Strong operational ownership: you see what needs to be done and make it happen

Pragmatic judgment: you know how to raise the security bar without blocking a fast-moving team

Clear communication and comfort working in an async-first startup environment

Nice to have:

Experience in healthcare, regulated environments, or companies handling highly sensitive data

Experience with application security, secure SDLC, threat modeling, or vulnerability management

Experience with desktop app, mobile app, or AI security

Experience setting up or improving security processes in an early-stage or fast-growing company

What matters beyond the checklist

We are a 10-person startup. This role requires breadth, ownership, and hands-on execution.

You should be comfortable moving between strategic questions and operational details: one day improving cloud security architecture, another day tightening access policies, preparing audit evidence, reviewing product security, or configuring internal IT tools.

We are not looking for someone who only writes policies. We are looking for someone who builds and operates the security foundation VIA needs as it scales.

Benefits

Office in Berlin Mitte, flexible hours

Direct access to founders, CTO, and the full multidisciplinary team

Broad ownership over a core company function

Equity participation

No micromanagement — results over hours logged

Work at the intersection of AI, healthcare, software, and security

Find more English Speaking Jobs in Germany on Arbeitnow