Polysense is scaling fast. We're building operational intelligence software that's reshaping how food manufacturers work — customers like Agristo, Aviko, Lotus Biscoff, and La Lorraine are already running on it. As we grow, so do the expectations around how we handle data, infrastructure, and trust. Security and compliance are no longer nice-to-haves. They're core to how we operate and how we sell.
To make that happen, we're hiring a Security Compliance Specialist. This is a zero-to-one role. You are the person who builds the security and compliance function at Polysense, sets the standards, and makes them stick. There is no existing team to inherit and no framework to maintain on someone else's behalf. You are starting something. Leadership will back you, engineering will partner with you, and sales will rely on you. The direction is yours to set, because no one has set it yet.
The mission is to build a security and compliance foundation that Polysense's customers can trust, that holds up to external scrutiny, and that scales with a company that isn't slowing down.
💼 What you’ll be doing
01. Information security frameworks
Own ISO 27001 and SOC 2 from end to end. That means gap analysis, policy development, implementation, ISO 27001 certification and the SOC 2 attestation (Type I and Type II reports), and ongoing maintenance. You run the process and you keep it alive after the certificate is on the wall.
Drive NIS2 (the EU Network and Information Security Directive) and CRA (the EU Cyber Resilience Act) compliance as they become increasingly relevant to our operating environment. Understand where Polysense sits in scope under each, document our obligations, and make sure they are met.
Develop and maintain the internal policy library: information security policies, access control, risk management, incident response, and everything in between. Policies don't write themselves and they don't stay accurate without someone owning them.
Coordinate with external auditors and specialists during certification cycles. You prepare Polysense for those conversations and you manage the process through to completion.
02. GDPR and data protection
Own GDPR compliance at Polysense. From the register of processing activities (Article 30) to data protection impact assessments (Article 35) to vendor and sub-processor reviews, this is your domain.
Be the internal reference point for anything data protection related. When the sales team has a question, when legal needs input, when a customer asks, the answer comes from you.
Keep GDPR obligations up to date as the product evolves and as our customer base grows. Compliance is not a one-time project.
03. Customer trust and internal audits
Handle inbound customer security questionnaires. Our customers are large food manufacturers with their own compliance requirements, and they want to know Polysense takes this seriously. You make sure we can answer confidently and accurately.
Run internal audits and manage the relationship with external penetration testing partners. You coordinate the work, own the findings, and track remediation.
Build and own the incident response plan. If something goes wrong, we need to know exactly what to do, who does it, and how fast. That plan starts with you.
Key point:
You don't need deep offensive security skills. But you do need to understand how deep tech SaaS or hardware/software SaaS products are built, where they break, and how to close gaps before they become problems.
💪 What you bring
Background & Experience
Meaningful hands-on experience in a security, compliance or IT role with a clear focus on information security frameworks. You've done this before and you know what you're doing.
Solid working knowledge of ISO 27001, SOC 2, GDPR and NIS2. You know these frameworks in practice, not just in theory.
A background in IT is important. You need to understand how systems are built to understand where they're exposed.
Familiarity with the tech stack of a deep tech SaaS or hardware/software SaaS company is a strong plus, close to a requirement. You don't need to be an engineer, but you need to speak the language.
Experience with Azure, Azure DevOps or a compliance automation platform like Vanta is a strong plus.
Experience in a startup or scale-up is a genuine bonus. You know what it means to build without a playbook.
Exposure to the food manufacturing or food tech industry is a nice to have.
Mindset & way of working
You own it fully
You are the only security specialist at Polysense. No one will have the answers before you do. You set the direction, build the processes, and drive them forward without waiting to be asked
Compliance enables, not blocks
You understand that good security makes the business faster, not slower. You know how to build frameworks that hold up to scrutiny without creating unnecessary friction for the team.
Clear communicator across the board
You work with engineers, sales and leadership. You can translate technical compliance requirements into language that makes sense to all of them, and you bring people along with you.
🌟 What success looks like
✓ ISO 27001 certification is achieved and maintained through a clear, repeatable process you built and own
✓ SOC 2 compliance is structured, documented and progressing on a timeline you control
✓ GDPR, NIS2 and CRA obligations are up to date, owned and never a source of last-minute scrambling
✓ Customer security questionnaires are handled quickly, accurately and without pulling in half the company to answer them
✓ An incident response plan exists, has been tested, and the team knows how to use it
✓ Security is embedded in how Polysense builds and ships, not bolted on after the fact