Information Security Analyst

Didomi


Job Location:

Paris - France

Monthly Salary: Not Disclosed
Posted on: 3 hours ago
Vacancies: 1 Vacancy

Job Summary

We are looking for an Information Security Analyst to join our Security & IT team and become the operational backbone of our ISO 27001 program. You will support the day-to-day work that keeps Didomi audit-ready year-round and run recurring security activities across the company.

This role is roughly 80% recurring compliance work: evidence collection audit preparation access reviews vendor reviews and security questionnaire responses. Leverage is the whole game. We want someone who reaches for automation and AI tooling as a default and who actively pushes back on process that no longer earns its keep rather than someone who accepts that compliance work has to be slow or manual.

This role reports to the Security Manager.

The responsibilities are as follows:

ISO 27001 program and audit readiness

  • Help maintain and improve our ISO 27001 management system ensuring controls remain effective documented and continuously evidenced.
  • Contribute to internal audits surveillance audits and recertification cycles including the upcoming unified audit covering Didomi and recently acquired business units.
  • Track corrective actions nonconformities and continuous improvement initiatives supporting the security team in driving them to closure.

Security operations and recurring activities

  • Carry out recurring activities on the security calendar in support of the security team including vulnerability scanning campaigns quarterly access reviews risk assessments business continuity tests and policy review cycles.
  • Triage vulnerability findings from AWS GuardDuty Inspector and other sources then work with the Security Manager to define remediation priorities and follow them through to closure.
  • Run periodic access reviews across critical systems (Google Workspace AWS Slack JAMF GitLab GitHub and internal applications) surfacing findings to the Security Manager and helping ensure they are remediated.

Cross-functional security support

  • Contribute to the security teams reviews of new tools vendors and SaaS applications for security and compliance risks before adoption.
  • Help the security team assess and harden internal workflows with a particular focus on identity access management MFA SSO and data handling.
  • Support the security team on security questionnaires RFPs and customer due diligence requests.
  • Support the security team on broader initiatives such as AI governance SaaS governance and integration of acquired entities into the ISO scope.

Preferred skills & experience

  • 3 years of experience in a GRC compliance or information security analyst role ideally within a SaaS or technology company.
  • Solid working knowledge of ISO 27001 including Annex A controls the audit process and how to operationalize the standard rather than treat it as paperwork.
  • Hands-on experience with vulnerability management tools and access governance processes.
  • Hands-on experience with Vanta including running ISO 27001 (or comparable) audits end-to-end on the platform.
  • Hands-on experience with the AWS security suite in particular GuardDuty and Inspector including triaging findings and proposing remediation priorities.
  • Demonstrated use of AI tooling to accelerate recurring compliance and documentation work. You should be able to walk us through concrete examples of what you have built or automated.
  • A strong bias toward removing process. You actively challenge controls paperwork and workflows that no longer earn their keep and you propose lighter alternatives.
  • Strong written communication in English. You can explain security topics clearly to engineers executives and customers alike.
  • A pragmatic mindset: you favor controls that work in practice over controls that only look good on paper.

Nice to have

  • Experience supporting HIPAA or HITRUST programs and comfort mapping requirements across frameworks.
  • Familiarity with cloud environments (AWS in particular) and with common SaaS administration (Google Workspace Slack identity providers).
  • Exposure to security questionnaire platforms and trust center tooling.

Tools youll work with on a regular basis

  • Compliance and GRC: Vanta
  • Cloud and security monitoring: AWS AWS GuardDuty AWS Inspector AWS Security Hub
  • Identity and access: Google Workspace SSO and MFA providers
  • Endpoint and device management: JAMF
  • Code and engineering: GitLab GitHub
  • Collaboration and documentation: Slack Notion Google Workspace
  • SaaS governance and vendor review: internal review workflows and questionnaire tooling
48000 - 60000 a year
We may use artificial intelligence (AI) tools to support parts of the hiring process such as reviewing applications analyzing resumes or assessing responses and identifying potential inconsistencies or verification signals in application materials based on available information. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans. If you would like more information about how your data is processed please contact us.

Required Experience:

IC

We are looking for an Information Security Analyst to join our Security & IT team and become the operational backbone of our ISO 27001 program. You will support the day-to-day work that keeps Didomi audit-ready year-round and run recurring security activities across the company.This role is roughly ...

About Company

Company Logo

Access leading data privacy and consent solutions for global brands and publishers.

View Profile View Profile