Senior Information Security Analyst

On behalf of our client, fast-growing SaaS company specializing in data reconciliation, we are currently looking for Senior Information Security Analyst to join the team on full-time basis.
 Our Client provides innovative technology that enables financial institutions to normalize, validate and reconcile any type of data in personal cloud, providing firms with on-demand data integrity and insight. Our Client's mission is simple: to make managing data easy.
 We are seeking a seasoned Information Security Analyst specializing in Governance, Risk, and Compliance (GRC) to support our client's internal teams and external partners. This role ensures the integrity and trustworthiness of their digital infrastructure while maintaining compliance with all relevant regulations. You will collaborate closely with the Head of Information Security, playing a crucial role in shaping the company's InfoSec landscape.
 Role and duties:

• Policy Framework Development: Lead the creation and upkeep of the Information Security policy framework, ensuring alignment with risk appetite, legal requirements, and industry best practices.
  
• Third-Party Due Diligence: Oversee third-party due diligence activities.
  
• Client Security Inquiries: Manage responses to client Information Security inquiries and questionnaires.
  
• Knowledge Base Management: Curate and maintain an Information Security knowledge base to support Customer Success and Pre-Sales teams.
  
• Information Security Requests: Act as the initial point of contact for Information Security requests across the business.
  
• Regulatory Compliance: Lead efforts to comply with regulations, including DORA, Cyber Resiliency, and AI regulations.
  
• Collaboration with Engineering: Work with engineering teams to build a robust security knowledge base.
  
• Security Metrics: Develop and maintain security Key Risk Indicators (KRIs) and Key Performance Indicators (KPIs).
  
• Security Guidance: Provide expert Information Security advice and guidance.
  
• Threat Landscape Awareness: Stay informed about existing and emerging threats.
  
• Security Culture Promotion: Collaborate with colleagues to promote a strong Information Security culture and ensure policy compliance.
  
• Accreditation Maintenance: Support the upkeep and compliance of ISO27001 and SOC1/2 accreditations.
  
• Risk Assessments: Assist with Information Security risk assessments across technology and physical locations.
  

Requirements

Experience: Proven commercial experience in Information Security with similar responsibilities.
Third-Party Due Diligence: Proven experience managing third-party due diligence and risk.
Security Assessments: Experience conducting Information Security assessments.
ISMS Maintenance: Experience in maintaining an established Information Security Management System (ISMS).
Risk and Incident Management: Background in Information Security risk and incident management.
Accreditation Maintenance: Experience maintaining ISO27001, SOC1, and SOC2 accreditations.
Technical Knowledge: In-depth knowledge of cloud computing environments, container-based technologies, and associated security controls and standards.
Tools Proficiency: Familiarity with Google Workspace, JIRA, and Confluence.
Collaborative Skills: Ability to thrive in a fast-paced, collaborative environment and develop innovative solutions.
Management Skills: Proficiency in delivery, stakeholder management, reporting, and risk and issue management.

Benefits

• Unlimited Holiday policy.
  
• International projects around the world.
  
• Private medical care and insurance package.
  
• Flexible working hours, possibility working in office or hybride mode.
  
• Annual bonuses and employee awards.
  
• Multisport card.
  
• Trainings and conferences.
  
• Extra paid leave days when volunteering or participation in charity activities (up to 4 days per year).