Information Security Officer

About the company

Openprovider is an ICANN-accredited domain registrar and technology company founded in 2004 in Rotterdam, Netherlands. 

We are a fully-remote organisation with more than 100 team members spread across 20+ countries. Remote working means no office, no painful commuting, and no stressful traffic - all you need is yourself, a laptop, and a cup of coffee

A diverse and inclusive organisation, we support a healthy work/life balance and are constantly looking for new ways to help the well-being of our people. We support a flexible schedule and are 100% performance and result-oriented.

At Openprovider, we're not just a company; we're a mission-driven team dedicated to transforming the domain industry. We believe in providing a trusted digital identity to every business. 

Our innovative approach is reshaping the industry from a traditional transactional model to a more customer-centric, subscription-based approach. We pay subscriptions for music, newspapers, and movies - why should domains be any different?

Come join us on our journey to create a trusted digital world.

About the role

The Information Security Officer / Lead Security & Compliance will be responsible for implementing and managing Openprovider’s security and compliance program. This includes safeguarding infrastructure, protecting customer data, and ensuring adherence to regulatory frameworks.

This role combines hands-on execution with cross-team collaboration, working closely with engineering, legal, product, and support teams. The position reports directly to the CTO.

Key responsibilities

Information Security Program

· Implement and maintain security policies, standards, and procedures.

· Perform risk assessments, track risks in a register, and coordinate mitigation plans.

· Support development of a company-wide information security framework.

Compliance & Regulatory Alignment

· Ensure compliance with NIS2 Directive, GDPR, ICANN obligations, and country-specific regulations.

· Support audits, certifications (ISO 27001:2022), and vendor assessments.

· Maintain documentation and prepare compliance reports.

Operational Security

· Support implementation and monitoring of controls such as DNSSEC, TLS, IAM, vulnerability scanning, and endpoint protection.

· Contribute to the incident response process and escalation plans.

· Assist in defining and testing business continuity and disaster recovery measures.

Collaboration with Engineering & DevOps

· Work with technical teams to embed security practices in the SDLC.

· Contribute to reviews of architecture and infrastructure, with a focus on GCP cloud environments.

· Participate in security assessments of APIs, DNS systems, and customer-facing applications.

Training & Awareness

· Promote security awareness across the company.

· Provide input into training sessions, communications, and best practice guidelines.

Qualifications & Experience

 5+ years in information security or compliance roles, with some leadership exposure.

Solid knowledge of European regulations (GDPR, NIS2), ISO 27001 or similar frameworks, Cloud and SaaS security practices.

Familiarity with registrar, DNS, or domain ecosystem is a strong plus.

Experience with audits, certifications, or vendor security reviews is desirable.

Preferred Certifications

CISSP, CISM, CISA, or equivalent

ISO 27001 Lead Implementer/Auditor

Knowledge of ICANN policies or security communities

What we offer

100% remote work (you can work from any location, no need to go to the office);

Paid time off and sick leave;

International team and regular online and offline events to stay connected;

Internal workshops, and knowledge-sharing sessions;

Quarterly reviews and annual salary review;

Flexible working hours;

Budget for learning;

We are an ISO 27001-certified remote workplace;

Exposure to global regulatory trends in internet infrastructure;

Opportunity to define and own the security strategy at scale.

Openprovider is an equal opportunity employer committed to diversity and inclusion. We welcome all qualified candidates to apply.