Talent.com

Compliance specialist Jobs in Zürich

Last updated: 1 day ago

Information Security & Compliance Officer

Smallpdf GmbH, Zürich

For more than 30 years, Pdftools has helped organizations around the world handle their documents with confidence. Behind every secure form, every archived record and every automated workflow, there...

Compliance Officer (temporary)

kessler.vogler gmbh, Zurich, CH

We are seeking a Compliance Officer to support a targeted Know Your Customer (KYC) remediation initiative within a Private Banking project, a strategic program aimed at improving the overall qualit...

(Assistant) Manager – Financial Crime & Regulatory Compliance

Forvis Mazars, Zürich, Zurich, Switzerland

September 2026 or by arrangement. (Assistant) Manager in Consulting. Part of an ambitious and committed team that works every day to ... banks, insurers and other financial...

Junior Consultant - Regulatory & Compliance 80-100% (w/m/d)

Grant Thornton, Zürich

You draft and review regulations and directives and review client files. You analyze the impact of regulations on financial service providers and develop solutions for implementation...

Senior Compliance Officer

Crypto Finance AG, Zürich, ZH, CH

Crypto Finance Group, part of Deutsche Börse Group, provides professional digital asset solutions to institutional clients. The Group comprises Crypto Finance AG, regulated by FINMA in Switzerland, ...

Compliance Investigation – Fraud Prevention & Detection Specialist 80-100% (f/m/d)

CH10 - BJB Bank Julius Baer & Co. Ltd., Zurich

At Julius Baer, we celebrate and value the individual qualities you bring, enabling you to be impactful, to be entrepreneurial, to be empowered, and to create value beyond wealth. Let’s shape the fu...

Regulatory Compliance Specialist

Company 81 - Manulife Data Services Inc., Manila, Manulife Business Processing Services

Support the Singapore Local Compliance in conducting reviews in accordance with local regulations and internal policies/procedures. Support the Singapore Local Compliance in the oversight and assess...

Senior Compliance Officer

Crypto Finance, Zürich, Zurich, Switzerland

Crypto Finance Group, part of Deutsche Börse Group, provides professional digital asset solutions to institutional clients. The Group comprises Crypto Finance AG, regulated by FINMA in Switzerland, ...

Intern - Risk, Regulatory & Compliance

Deloitte, Zurich

Curious about how the financial world really works — and how regulation shapes the future of banks and financial institutions? If you’re eager to learn, excited to explore regulatory topics, and wan...

Trust Compliance Officer (m/w/d)

Michael Page Suisse, Zürich, Canton of Zürich, CH

Our client is an internationally active provider of specialized services in the areas of wealth structuring, trust services and corporate solutions. The company serves ...

Compliance Specialist – Anti-Money Laundering (fixed-term for 6 months)

Zürcher Kantonalbank, Zürich, Switzerland

Compliance Specialist – Anti-Money Laundering (fixed-term for 6 months) 80% - 100% | Direct Bank / Service Center | Zürich | Experienced professionals. The Direct Bank of Zürcher Kantonalbank is responsible...

Provider Specialist

Company 322 - John Hancock Administrative Services, Manila, Manulife Business Processing Services

Reviews and processes requests from external customers to initiate long-term care claims, ensuring forms are complete and in good order to avoid delays. Exercises sound judgment, supported by system...

Kinetics Specialist

Destinus, Zürich, ZH, CH

You are at the heart of where precision meets production, turning complex kinetic designs into reliable, high performance reality. As Kinetics Specialist for Production, you step into a mission crit...

Delivery Consultant - Security, Risk, and Compliance, AWS Professional Services

AWS EMEA SARL (Switzerland Branch) - G96, Zurich, Zurich, CHE

The Amazon Web Services Professional Services (ProServe) team is seeking a skilled Delivery Consultant to join our team at Amazon Web Services (AWS). In this role, you'll work closely with customers...

IT Governance & M365 Compliance Specialist

Coopers Group AG, Zürich, Zurich, Switzerland

IT Governance & M365 Compliance Specialist. For our client, a public-law energy service provider from Bern, we are looking for an IT Governance & M365 Compliance Specialist. Analy...

Compliance Verification Engineer Structures & Stress

Bucher Leichtbau AG, Fällanden, CH

Leichtbau AG is a globally active company specializing in the development and manufacture of innovative products in lightweight construction technology, focused on use in civil aviation...

Junior Consultant - Regulatory & Compliance 80-100%

Grant Thornton, Zürich, CH

The Grant Thornton network comprises more than 80,000 employees in over 150 countries. Grant Thornton Switzerland/Liechtenstein is part of this network and also belongs to Grant Thornton Advisors...

Manager Quality System & Regulatory Compliance

Abbott, Zurich, Zurich, Switzerland

Our lifesaving medical devices, developed and manufactured at our Zurich site, support patients with severe heart disease worldwide. Our Zurich team of approximately 150 colleagues brings together e...

Information Security & Compliance Officer

Smallpdf GmbH, Zürich
Posted 30+ days ago
Job description

Who Are We?

For more than 30 years, Pdftools has helped organizations around the world handle their documents with confidence. Behind every secure form, every archived record and every automated workflow, there's a moment where trust matters — and our technology makes those moments work.

We believe documents are more than files. They're the heartbeat of how people communicate, protect information, prove identity and keep society running. As a Swiss B2B software company, we specialize in PDF processing SDKs, conversion services and document workflow solutions — serving enterprise customers, system integrators and OEMs across regulated industries including financial services, government and healthcare. Part of a growing group, we operate in a market where data security, compliance maturity and regulatory readiness are increasingly decisive.

We're Swiss-built, quality-obsessed and deeply committed to doing things the right way. And we're human at our core: curious, collaborative and motivated by solving real problems for real people.

Today, we're innovating faster than ever and we're ready to grow the team that helps us do it.

Goal

PDF Tools AG is building its compliance and security capability from an early-stage foundation toward a structured, auditable framework. Today, compliance responsibilities are distributed across leadership — the CEO is formally accountable, the CTO drives execution — but there is no dedicated operational owner. As the company grows and the regulatory landscape intensifies (GDPR, Swiss FADP, AI Act, DORA, NIS2), we need a single person who owns this domain end-to-end and can move it from reactive gap-closing to a sustained, professional program.

This role was created to provide that dedicated ownership: someone who can take over the running compliance program, close remaining gaps, build repeatable processes, and represent the company's security and compliance posture toward customers, auditors, and partners.

What You Will Own

Privacy Governance & Data Protection

  • Own and maintain the Register of Processing Activities (ROPA) — currently established but requiring ongoing expansion and review.

  • Ensure compliance with GDPR, Swiss FADP (revDSG), and CCPA requirements across all company operations.

  • Manage data subject request (DSR) workflows and ensure timely, compliant responses.

  • Own the retention and deletion policy — define, implement, and enforce data lifecycle rules.

  • Maintain and improve the company's privacy policies (website, HR, product-level).

Vendor & Third-Party Risk Management

  • Maintain the processor register and DPA repository.

  • Ensure all active vendors/processors have reviewed DPAs with appropriate safeguards (SCCs, Swiss addenda).

  • Establish and run an annual vendor review cadence.

  • Map and document international data transfers and safeguards.

Security & Technical Measures

  • Own the company's Technical and Organizational Measures (TOMs) documentation.

  • Drive formalization and periodic testing of security controls.

  • Coordinate penetration testing with external partners.

  • Build toward a security monitoring and incident response capability.

  • Own the risk register — maintain it, drive risk owners to close items, report to leadership.

  • Evaluate and recommend security tooling (e.g., CVE scanning, static analysis integration, SIEM).

Regulatory & Certification Readiness

  • Track emerging regulatory requirements (AI Act, DORA, NIS2) and assess applicability.

  • Prepare the company for potential ISO 27001 or SOC 2 certification when strategically appropriate.

  • Coordinate with external legal counsel (currently MLL) on regulatory assessments and policy drafting.

Customer & Business-Facing Compliance

  • Respond to customer compliance questionnaires and security assessments.

  • Support sales and pre-sales with compliance documentation, certifications overview, and security posture materials.

  • Ensure product-level compliance considerations (e.g., OSS license management, SBOM generation) are integrated into engineering workflows.

What You Will NOT Own (But Will Collaborate On)

  • OSS license compliance in code: Engineering owns remediation and CI/CD integration — you provide the policy framework and audit.

  • Product security features (encryption, access control, signatures): Engineering and Product own implementation — you define requirements and validate.

  • Contract negotiation: Legal and Sales lead — you provide compliance input and review DPA terms.

  • IT operations and infrastructure security: IT/DevOps owns day-to-day — you define policy and audit.

What This Looks Like Day-to-Day

In the first 6 months, you will spend most of your time closing existing gaps: completing the ROPA, getting DPAs in place, formalizing TOMs, and building the risk register into a living document. You will work closely with the CTO, who has been driving this work and will hand over operational ownership to you. You will also interface with external counsel and respond to customer questionnaires that come in through Sales.

Once the foundation is solid, the role shifts toward maintaining and improving the program: running periodic reviews, preparing for audits, tracking regulatory changes, and building internal awareness through training and guidelines.

What We Are Looking For

Must-Have

  • 3–5+ years of experience in information security, data protection, or compliance roles — ideally in a B2B software or SaaS environment.

  • Working knowledge of GDPR and Swiss FADP, including hands-on experience with ROPAs, DPAs, DSR handling, and data transfer mechanisms (SCCs, adequacy decisions).

  • Familiarity with security frameworks and controls: ISO 27001, SOC 2, or similar — you don't need to have led a certification, but you should understand the requirements.

  • Ability to build and maintain a risk register and drive risk mitigation across teams.

  • Strong written and verbal communication in English (working language). German is a significant plus for Swiss regulatory context and local vendor interactions.

  • Pragmatic and structured: you can prioritize what matters in a 50-person company, not gold-plate processes designed for 5,000.

  • Comfortable working independently — this is a one-person function with leadership support, not a large team.

Nice-to-Have

  • Experience with OSS license compliance (SBOM generation, license scanning tools like BlackDuck, FOSSA, or similar).

  • Exposure to AI Act, DORA, or NIS2 requirements.

  • Background in software development or engineering — enough to understand CI/CD pipelines, cloud infrastructure, and product architecture at a conceptual level.

  • Experience in an M&A or due diligence context where compliance posture was a factor.

  • Relevant certifications: CIPP/E, CIPM, CISM, ISO 27001 Lead Implementer, or similar.

Why you’ll love working at Pdftools

Pdftools is a place where people genuinely care about doing things well.

We believe in precision, empathy, collaboration, and continuous improvement - and we live those values every day.

You’ll be supported by deep technical expertise, surrounded by kind people, and given the space to build something meaningful. With a strong, trusted product behind you and a team committed to solving real problems together, your work will matter far beyond marketing.

Because our technology touches essential workflows around the world, your impact will reach people and organizations who rely on us when trust and integrity matter most.

If you want to help shape the way the world shares information with trust and integrity - we’d love to meet you.

Our benefits

You get to impact how over 30 million people get work done monthly.

Push boundaries and dare to fail - that’s how we learn!

30 vacation days - yep, you read that right - you can take them whenever you need them.

Flexibility: we have flexible working hours.

Need a long break? We offer sabbatical leave to employees who’ve been with us for over two years.

16 weeks parental leave - 100% of your salary - for all new parents.

Don’t leave your four-legged friends at home; our Zurich office is pet-friendly.

A well-being budget of up to 2,000 CHF every year that can be used for training and development (plus days off for courses or training) and for physical and mental well-being purposes.

Possibility of a Phantom stock option plan - PSOP (Conditions apply).

Hack days to challenge you and your team, plus build amazing things.

How to Apply

Please apply using the form below and upload your CV - in English, as it’s the standard working language at Pdftools. A PDF format is preferred.

Compensation philosophy

At Pdftools, we believe compensation should be fair, transparent, and thoughtfully aligned with the value each person brings to our team. Our approach balances several key factors - current market trends, role expectations, seniority, experience, and geographic location - to ensure every offer is both competitive and equitable.

We review our salary ranges regularly to stay in step with the evolving market, and we make decisions based on skills, impact, and responsibility rather than negotiation strength. Our goal is simple: to recognize and reward great work, support long-term growth, and create a compensation structure that feels fair, consistent, and grounded in integrity.

We want everyone at Pdftools to feel valued, supported, and empowered to do their best work - and our compensation philosophy is designed to reflect exactly that.

Hiring policy

Pdftools is an equal-opportunity employer, and we believe our strength comes from a team that reflects a wide range of backgrounds, identities, perspectives, and lived experiences. We welcome applicants of all genders, ethnicities, ages, abilities, orientations, and life paths. You’ll also have the option to share your pronouns and answer an anonymous demographic questionnaire when you apply. This information is completely voluntary, but it helps us stay accountable in building an inclusive and equitable hiring process.

We use AI thoughtfully in our day-to-day work, but we value human curiosity, creativity, and integrity above all. We’re excited to meet candidates who bring genuine expertise, real stories, and authentic experience to the table.

By submitting your application, you agree to Pdftools handling and storing your data in accordance with our privacy guidelines.