About The Company
Openprovider is an ICANN-accredited domain registrar and technology company founded in 2004 in Rotterdam, Netherlands.
We are a fully-remote organisation with more than 100 team members spread across 20+ countries. Remote working means no office, no painful commuting, and no stressful traffic - all you need is yourself, a laptop, and a cup of coffee!
A diverse and inclusive organisation, we support a healthy work/life balance and are constantly looking for new ways to help the well-being of our people. We support a flexible schedule and are 100% performance and result-oriented.
At Openprovider, we're not just a company; we're a mission-driven team dedicated to transforming the domain industry. We believe in providing a trusted digital identity to every business.
Our innovative approach is reshaping the industry from a traditional transactional model to a more customer-centric, subscription-based approach. We pay subscriptions for music, newspapers, and movies - why should domains be any different?
Come join us on our journey to create a trusted digital world.
About The Role
The Information Security Officer / Lead Security & Compliance will be responsible for implementing and managing Openprovider's security and compliance program. This includes safeguarding infrastructure, protecting customer data, and ensuring adherence to regulatory frameworks.
This role combines hands-on execution with cross-team collaboration, working closely with engineering, legal, product, and support teams. The position reports directly to the CTO.
Key Responsibilities
Information Security Program
- Implement and maintain security policies, standards, and procedures.
- Perform risk assessments, track risks in a register, and coordinate mitigation plans.
- Support development of a company-wide information security framework.
Compliance & Regulatory Alignment
- Ensure compliance with the NIS2 Directive, GDPR, ICANN obligations, and country-specific regulations.
- Support audits, certifications (ISO 27001:2022), and vendor assessments.
- Maintain documentation and prepare compliance reports.
Operational Security
- Support implementation and monitoring of controls such as DNSSEC, TLS, IAM, vulnerability scanning, and endpoint protection.
- Contribute to the incident response process and escalation plans.
- Assist in defining and testing business continuity and disaster recovery measures.
Collaboration with Engineering & DevOps
- Work with technical teams to embed security practices in the SDLC.
- Contribute to reviews of architecture and infrastructure, with a focus on GCP cloud environments.
- Participate in security assessments of APIs, DNS systems, and customer-facing applications.
Training & Awareness
- Promote security awareness across the company.
- Provide input into training sessions, communications, and best practice guidelines.
Qualifications & Experience
- 5+ years in information security or compliance roles, with some leadership exposure.
- Solid knowledge of European regulations (GDPR, NIS2), ISO 27001 or similar frameworks, and cloud and SaaS security practices.
- Familiarity with registrar, DNS, or domain ecosystem is a strong plus.
- Experience with audits, certifications, or vendor security reviews is desirable.
Preferred Certifications
- CISSP, CISM, CISA, or equivalent
- ISO 27001 Lead Implementer/Auditor
- Knowledge of ICANN policies or security communities
What We Offer
- 100% remote work (you can work from any location, no need to go to the office);
- Paid time off and sick leave;
- International team and regular online and offline events to stay connected;
- Internal workshops and knowledge-sharing sessions;
- Quarterly reviews and annual salary review;
- Flexible working hours;
- Budget for learning;
- We are an ISO 27001-certified remote workplace;
- Exposure to global regulatory trends in internet infrastructure;
- Opportunity to define and own the security strategy at scale.
Openprovider is an equal opportunity employer committed to diversity and inclusion. We welcome all qualified candidates to apply.