Fractional Security & Compliance Lead (IT & GRC)

About You

As a Fractional Security & Compliance Lead (20-40%) at Optiml you will take full ownership of our security and compliance function. Youll run our SOC 2 Type II and ISO 27001 programs end to end coordinating audits managing evidence and remediation and ensuring controls stay effective as the company scales.

This is a hands-on role. Youll administer and secure our internal IT and identity stack (Microsoft 365 / Entra ID Google Workspace access management device provisioning) design and enforce RBAC and least-privilege access and own onboarding and offboarding processes. Youll also respond directly to enterprise customer security questionnaires maintaining a clear reusable knowledge base.

Youll work closely with the CTO and Head of Operations but operate independently day to day with flexibility around hours and workload. Were looking for someone who has done this beforewho can move quickly automate where possible and treat security as a practical enabler for the business not a checkbox exercise.

About Optiml

Optiml is revolutionizing real estate with our Real Estate Decision Intelligence (REDI) softwarea new class of decision technology that embeds AI to help decarbonize buildings while optimizing asset financial performance.

We are an ETH Zurich spin-off that launched its first product in April 2024 and has since been scaling across Europe and the United States earning major industry recognition including the 2024 ULI Europe PropTech of the Year and 2024 ZIA PropTech of the Year awards.

We are backed by top-tier US and European investors including Innovation Endeavors (the fund of former Google CEO Eric Schmidt) Planet A BitStone and Kompas who support our mission to empower real estate investors asset managers and consulting partners to deliver a cost-effective value-preserving transition to Net Zero.

As of early 2026 we are expanding our team to broaden our product lines and scale operational delivery for a growing global client base.

Tasks

Responsibilities

• Manage the full lifecycle of SOC 2 Type 2 and ISO 27001 compliance programs utilizing automation platforms like Vanta to ensure continuous control monitoring.
• Serve as the primary liaison and coordinator for external compliance auditors managing all evidence submission and remediation timelines.
• Lead rapid and accurate responses to technical security questionnaires that arise during the enterprise sales due diligence process by maintaining a knowledge base
• Securely administer and harden core internal IT infrastructure specifically Google Workspace and Microsoft 365/Entra ID.
• Handle the IT onboarding/offboarding process for new employees.
• Design implement and audit Role-Based Access Controls (RBAC) across all systems to strictly enforce the Principle of Least Privilege and protect customer data.
• Develop maintain and socialize essential security policies and documentation aligned with GRC frameworks.

Requirements

You Have:

• Direct experience managing compliance frameworks (SOC 2 ISO 27001) using Vanta or other.
• Hands-on experience administering Microsoft 365/Entra ID and Google Workspace security configurations.
• Knowledge of Identity and Access Management (IAM) principles including RBAC SSO and Multi-Factor Authentication (MFA) enforcement.
• Proficiency in no-code platforms or scripting languages for automating administrative tasks and enforcing configuration standards.
• Proven ability to operate independently and drive complex cross-functional security projects.
• Outstanding written and verbal communication skills .

Benefits

Impact: Play a critical role in scaling a company transforming how real estate decarbonizes.

Ownership: Build and own the operational backbone of a fast-growing startup.

Growth: Work closely with an exceptional leadership team and gain exposure to all company functions.

Culture: Join a mission-driven high-performance and collaborative team. Benefits: Competitive salary equity options learning budget (CHF 1k) and additional insurance support. 25 days paid vacation.