Senior Security Analyst/Engineer

We are looking for a Senior Security Analyst/Engineer to join an innovative  AI company. 

As a Senior Security Analyst / Engineer, you will play a crucial role in managing and improving our Information Security Management System (ISMS) in compliance with ISO 27001 standards. You will be responsible for compliance documentation, supporting audit processes, conducting risk assessments, and driving automation in compliance tasks. Additionally, you will help update security policies and lead awareness programs to foster a strong security culture within the organization.

Your Responsibilities

• ISO 27001 Compliance Management: Implement and maintain the ISMS framework, ensuring compliance with ISO 27001 (2022) standards.
• Audit Preparation & Support: Manage compliance documentation and work cross-functionally to ensure readiness for internal and external audits.
• Risk Assessment & Mitigation: Conduct regular risk assessments, maintain a risk register, and implement mitigation strategies.
• Automation & Process Optimization: Utilize scripting and automation tools (Python, PowerShell, etc.) to streamline compliance tasks like evidence collection and monitoring.
• Security Policy Management: Develop, review, and update security policies and procedures to align with regulatory requirements.
• Training & Awareness: Conduct employee training to promote a culture of security and compliance.
• Collaboration Across Teams: Work closely with DevOps, Legal, Quality Assurance, and Product teams to integrate security into daily operations.
• Continuous Improvement: Stay up-to-date with industry best practices, regulatory changes, and emerging security risks.

What You Bring

• Experience in Information Security & Compliance: Strong background in security frameworks like ISO 27001, GDPR, SOC 2, and risk management principles.
• Audit & Governance Knowledge: Hands-on experience with internal and external audits, evidence management, and compliance reporting.
• Automation & Scripting Skills: Passion for automating compliance tasks using scripting languages like Python or PowerShell.
• Attention to Detail: Strong analytical and problem-solving skills, with the ability to identify weaknesses in security systems.
• Strong Communication Skills: Ability to effectively collaborate across teams and explain security concepts in a clear manner.
• Proactive & Self-Driven: A team player who takes initiative and thrives in a dynamic environment.

Bonus Points

• Experience with GRC (Governance, Risk, & Compliance) Tools for automation and evidence tracking.
• Familiarity with Public Cloud Security (GCP, AWS) and security controls.
• Certifications in Security & Compliance (ISO 27001 Lead Auditor, CISM, CISSP).
• Experience with Jira & Ticketing Automation for compliance tracking.

If this role isn't a perfect fit, were always hiring and may have other opportunities that match your expertise. Apply today!