Information Security Compliance Specialist

About the Role

As an Information Security Analyst, your core responsibility will be safeguarding customer and company data, protecting the company's reputation, and making vital decisions that are integral to shaping the state-of-the-art security posture for the business's future success. This person should detect new threats, understand the risk assessment process, contribute to the action plan development, and promote the progress of mitigation implementation and evolution. The position will cover security assessment activities, technical controls evaluation, risk assessments, management of clients' requirements, and internal awareness. As a valuable member of our global Infosec Team, you will have the opportunity to collaborate with colleagues across the globe, fostering a dynamic and diverse work environment. Your role will involve working closely with stakeholders from various departments, forging strong partnerships to ensure the collective success of our information security initiatives.

 

Responsibilities:

• Assess and track security posture across platforms and systems, following up on remediation tasks to close gaps efficiently.
• Collaborate with stakeholders across technology, legal, and business units to integrate security requirements into projects, services, and vendor relationships.
• Perform regular assessments of technical environments to ensure compliance with internal policies and external standards.
• Identify and document risks associated with third-party vendors, cloud infrastructure, access management, and system configurations.
• Evaluate and recommend technologies that enhance our security and compliance posture (e.g., DLP, EDR, network segmentation, cloud security tools).
• Collaborate with the alignment to the global Information Security Management System (ISMS), based on ISO/IEC 27001:2022 and best practices from well-known frameworks such as NIST.
• Maintain comprehensive documentation of security processes, audit reports, compliance controls, and risk assessments.
• Utilize tools and platforms to automate compliance checks and reporting across the environment.
• Stay current with industry trends, technologies, and regulatory changes, proactively suggesting enhancements to the security baseline.
• Contribute to security awareness programs and training efforts within the organisation.
• Mentor and support colleagues to encourage growth and a strong security culture across teams.

 

About You

The essentials:

• Bachelor's degree/advanced education in Computer Science, Cybersecurity, Computer or Systems Engineering or equivalent.
• Minimum of 4 years of experience in security.
• Solid understanding of core information security concepts, including confidentiality, integrity, and availability (CIA Triad).
• Solid understanding of technical concepts and security hardening practices in the following areas:
• Network architecture and segmentation
• Firewalls, IDS/IPS (Intrusion Detection/Prevention Systems)
• Encryption and Public Key Infrastructure (PKI)
• Endpoint protection and hardening (EDR, DLP)
• Operating system security (Windows, Linux, macOS)
• Databases
• Single Sign-On (SSO), SAML, and OIDC
• Role-Based Access Control (RBAC) and least privilege principles
• Cloud security hardening (AWS, Azure, GCP)
• Secure Software Development Lifecycle (S-SDLC)