About You

As a Fractional Security & Compliance Lead (20-40%) at Optiml, you will take full ownership of our security and compliance function. You’ll run our SOC 2 Type II and ISO 27001 programs end to end, coordinating audits, managing evidence and remediation, and ensuring controls stay effective as the company scales.

This is a hands-on role. You’ll administer and secure our internal IT and identity stack (Microsoft 365 / Entra ID, Google Workspace, access management, device provisioning), design and enforce RBAC and least-privilege access, and own onboarding and offboarding processes. You’ll also respond directly to enterprise customer security questionnaires, maintaining a clear, reusable knowledge base.

You’ll work closely with the CTO and Head of Operations but operate independently day to day, with flexibility around hours and workload. We’re looking for someone who has done this before—who can move quickly, automate where possible, and treat security as a practical enabler for the business, not a checkbox exercise.

About Optiml

Optiml is revolutionizing real estate with our Real Estate Decision Intelligence (REDI) software—a new class of decision technology that embeds AI to help decarbonize buildings while optimizing asset financial performance.

We are an ETH Zurich spin-off that launched its first product in April 2024 and has since been scaling across Europe and the United States, earning major industry recognition, including the 2024 ULI Europe PropTech of the Year and 2024 ZIA PropTech of the Year awards.

We are backed by top-tier US and European investors, including Innovation Endeavors (the fund of former Google CEO Eric Schmidt), Planet A, BitStone, and Kompas, who support our mission to empower real estate investors, asset managers, and consulting partners to deliver a cost-effective, value-preserving transition to Net Zero.

As of early 2026, we are expanding our team to broaden our product lines and scale operational delivery for a growing global client base.

Tasks

Responsibilities

• Manage the full lifecycle of SOC 2 Type 2 and ISO 27001 compliance programs, utilizing automation platforms like Vanta to ensure continuous control monitoring.
• Serve as the primary liaison and coordinator for external compliance auditors, managing all evidence submission and remediation timelines.
• Lead rapid and accurate responses to technical security questionnaires that arise during the enterprise sales due diligence process by maintaining a knowledge base
• Securely administer and harden core internal IT infrastructure, specifically Google Workspace and Microsoft 365/Entra ID.
• Handle the IT onboarding/offboarding process for new employees.
• Design, implement, and audit Role-Based Access Controls (RBAC) across all systems to strictly enforce the Principle of Least Privilege and protect customer data.
• Develop, maintain, and socialize essential security policies and documentation aligned with GRC frameworks.

Requirements

You Have:

• Direct experience managing compliance frameworks (SOC 2, ISO 27001) using Vanta or other.
• Hands-on experience administering Microsoft 365/Entra ID and Google Workspace security configurations.
• Knowledge of Identity and Access Management (IAM) principles, including RBAC, SSO, and Multi-Factor Authentication (MFA) enforcement.
• Proficiency in no-code platforms or scripting languages for automating administrative tasks and enforcing configuration standards.
• Proven ability to operate independently and drive complex, cross-functional security projects.
• Outstanding written and verbal communication skills .

Benefits

🌍 Impact: Play a critical role in scaling a company transforming how real estate decarbonizes.

⚙️ Ownership: Build and own the operational backbone of a fast-growing startup.

🚀 Growth: Work closely with an exceptional leadership team and gain exposure to all company functions.

🏆 Culture: Join a mission-driven, high-performance, and collaborative team.💡 Benefits: Competitive salary, equity options, learning budget (CHF 1k), and additional insurance support. 25 days paid vacation.