Information Security Risk & Compliance Analyst

Information Security Risk & Compliance Analyst

Application Deadline: 30 September 2024

Department: Security

Employment Type: Full Time

Location: Sofia/Plovdiv

Reporting To: Governance, Risk & Compliance Manager

Compensation: лв.50,000 - лв.55,000 / year

Description

An opportunity has become available for an InfoSec Risk & Compliance professional to support our Governance, Risk & Compliance, and Information Security operations and be part of a growing business. 

At Reward Gateway, we already understand that Compliance and Security are paramount to our success, reflected in the culture. Our Leadership Team is fully committed to Compliance and Information Security and you won’t have to spend time convincing stakeholders to care - you’ll be empowered to improve the company.

We have a longstanding ISO 27001 programme and are on the final stretch toward SOC2 Type II compliance. We are also working toward attaining Cyber Essentials Plus compliance, with ISO 9001 planned as well. These standards structure everything we do and enable our business to grow by providing a high level of assurance to our customers.

What you'll be doing:

• Support our control framework covering ISO 27001, SOC2 Type II, PCI DSS, Cyber Essentials Plus and (in the future) ISO 9001
• Ensure ISO readiness/compliance by conducting/supporting periodic internal audits and participate in hosting ISO registrar audits
• Assist with analysis, documentation and remediation actions for detected audit observations
• Verify implementation and effectiveness of the corrective/preventative actions
• Support the GRC Manager and process owners in developing, documenting, reviewing, and communicating company processes and procedures to incorporate best practices in Quality Management and Information Security Management
• Maintain the compliance automation platform for achieving streamlined compliance activities
• Support the Director of Information Security and Risk Owners with the risk management process

Skills, experience and knowledge you will have:

• At least 1+ year experience working in Information Security Compliance/Internal Audit 
• Experience with a compliance framework (ISO27001, SOC 2 Type II, PCI DSS) would be advantageous but not essential (You’re not expected to have expertise in all these frameworks)
• Understanding of information security concepts and technology
• Previous exposure to cloud technologies and cloud security
• Experience in Document Management (incl. Good Documentation Practices) and procedure review
• Excellent English communication skills 
• Comfortable with working across multiple projects, geographical locations, and assignments at once
• Have a risk-based approach to problem solving

The interview process:

• A 30 minute video interview with the Senior Talent Partner
• First stage online interview with the Governance Risk & Compliance Manager 
• Final stage video interview with the Director of Information Security and the Governance Risk & Compliance Manager

Be comfortable. Be you.
At Reward Gateway, we want all of our employees to feel comfortable bringing their passion, creativity and individuality to work. We value all cultures, backgrounds and experiences, as we truly believe that diversity drives innovation. Express yourself, join our community and help us Make the World a Better Place to Work.

We hire BETTER. 
From perks to people, our BETTER approach to hiring earns us more trust, happier people and more world-class talent that help us to make the world a better place to work. Find out more about Reward Gateways approach to benefits, equality, talent, technology, empathy and what you’ll get in return for joining our Mission at rg.co/lifeatrg.