We are looking for an Information Security Analyst to join our Security & IT team and become the operational backbone of our ISO 27001 program. You will support the day-to-day work that keeps Didomi audit-ready year-round and run recurring security activities across the company.
This role is roughly 80% recurring compliance work: evidence collection audit preparation access reviews vendor reviews and security questionnaire responses. Leverage is the whole game. We want someone who reaches for automation and AI tooling as a default and who actively pushes back on process that no longer earns its keep rather than someone who accepts that compliance work has to be slow or manual.
This role reports to the Security Manager.
The responsibilities are as follows:
ISO 27001 program and audit readiness
Help maintain and improve our ISO 27001 management system ensuring controls remain effective documented and continuously evidenced.
Contribute to internal audits surveillance audits and recertification cycles including the upcoming unified audit covering Didomi and recently acquired business units.
Track corrective actions nonconformities and continuous improvement initiatives supporting the security team in driving them to closure.
Security operations and recurring activities
Carry out recurring activities on the security calendar in support of the security team including vulnerability scanning campaigns quarterly access reviews risk assessments business continuity tests and policy review cycles.
Triage vulnerability findings from AWS GuardDuty Inspector and other sources then work with the Security Manager to define remediation priorities and follow them through to closure.
Run periodic access reviews across critical systems (Google Workspace AWS Slack JAMF GitLab GitHub and internal applications) surfacing findings to the Security Manager and helping ensure they are remediated.
Cross-functional security support
Contribute to the security teams reviews of new tools vendors and SaaS applications for security and compliance risks before adoption.
Help the security team assess and harden internal workflows with a particular focus on identity access management MFA SSO and data handling.
Support the security team on security questionnaires RFPs and customer due diligence requests.
Support the security team on broader initiatives such as AI governance SaaS governance and integration of acquired entities into the ISO scope.
Preferred skills & experience
3 years of experience in a GRC compliance or information security analyst role ideally within a SaaS or technology company.
Solid working knowledge of ISO 27001 including Annex A controls the audit process and how to operationalize the standard rather than treat it as paperwork.
Hands-on experience with vulnerability management tools and access governance processes.
Hands-on experience with Vanta including running ISO 27001 (or comparable) audits end-to-end on the platform.
Hands-on experience with the AWS security suite in particular GuardDuty and Inspector including triaging findings and proposing remediation priorities.
Demonstrated use of AI tooling to accelerate recurring compliance and documentation work. You should be able to walk us through concrete examples of what you have built or automated.
A strong bias toward removing process. You actively challenge controls paperwork and workflows that no longer earn their keep and you propose lighter alternatives.
Strong written communication in English. You can explain security topics clearly to engineers executives and customers alike.
A pragmatic mindset: you favor controls that work in practice over controls that only look good on paper.
Nice to have
Experience supporting HIPAA or HITRUST programs and comfort mapping requirements across frameworks.
Familiarity with cloud environments (AWS in particular) and with common SaaS administration (Google Workspace Slack identity providers).
Exposure to security questionnaire platforms and trust center tooling.
Identity and access: Google Workspace SSO and MFA providers
Endpoint and device management: JAMF
Code and engineering: GitLab GitHub
Collaboration and documentation: Slack Notion Google Workspace
SaaS governance and vendor review: internal review workflows and questionnaire tooling
48000 - 60000 a year
We may use artificial intelligence (AI) tools to support parts of the hiring process such as reviewing applications analyzing resumes or assessing responses and identifying potential inconsistencies or verification signals in application materials based on available information. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans. If you would like more information about how your data is processed please contact us.
Required Experience:
IC
We are looking for an Information Security Analyst to join our Security & IT team and become the operational backbone of our ISO 27001 program. You will support the day-to-day work that keeps Didomi audit-ready year-round and run recurring security activities across the company.This role is roughly ...
We are looking for an Information Security Analyst to join our Security & IT team and become the operational backbone of our ISO 27001 program. You will support the day-to-day work that keeps Didomi audit-ready year-round and run recurring security activities across the company.
This role is roughly 80% recurring compliance work: evidence collection audit preparation access reviews vendor reviews and security questionnaire responses. Leverage is the whole game. We want someone who reaches for automation and AI tooling as a default and who actively pushes back on process that no longer earns its keep rather than someone who accepts that compliance work has to be slow or manual.
This role reports to the Security Manager.
The responsibilities are as follows:
ISO 27001 program and audit readiness
Help maintain and improve our ISO 27001 management system ensuring controls remain effective documented and continuously evidenced.
Contribute to internal audits surveillance audits and recertification cycles including the upcoming unified audit covering Didomi and recently acquired business units.
Track corrective actions nonconformities and continuous improvement initiatives supporting the security team in driving them to closure.
Security operations and recurring activities
Carry out recurring activities on the security calendar in support of the security team including vulnerability scanning campaigns quarterly access reviews risk assessments business continuity tests and policy review cycles.
Triage vulnerability findings from AWS GuardDuty Inspector and other sources then work with the Security Manager to define remediation priorities and follow them through to closure.
Run periodic access reviews across critical systems (Google Workspace AWS Slack JAMF GitLab GitHub and internal applications) surfacing findings to the Security Manager and helping ensure they are remediated.
Cross-functional security support
Contribute to the security teams reviews of new tools vendors and SaaS applications for security and compliance risks before adoption.
Help the security team assess and harden internal workflows with a particular focus on identity access management MFA SSO and data handling.
Support the security team on security questionnaires RFPs and customer due diligence requests.
Support the security team on broader initiatives such as AI governance SaaS governance and integration of acquired entities into the ISO scope.
Preferred skills & experience
3 years of experience in a GRC compliance or information security analyst role ideally within a SaaS or technology company.
Solid working knowledge of ISO 27001 including Annex A controls the audit process and how to operationalize the standard rather than treat it as paperwork.
Hands-on experience with vulnerability management tools and access governance processes.
Hands-on experience with Vanta including running ISO 27001 (or comparable) audits end-to-end on the platform.
Hands-on experience with the AWS security suite in particular GuardDuty and Inspector including triaging findings and proposing remediation priorities.
Demonstrated use of AI tooling to accelerate recurring compliance and documentation work. You should be able to walk us through concrete examples of what you have built or automated.
A strong bias toward removing process. You actively challenge controls paperwork and workflows that no longer earn their keep and you propose lighter alternatives.
Strong written communication in English. You can explain security topics clearly to engineers executives and customers alike.
A pragmatic mindset: you favor controls that work in practice over controls that only look good on paper.
Nice to have
Experience supporting HIPAA or HITRUST programs and comfort mapping requirements across frameworks.
Familiarity with cloud environments (AWS in particular) and with common SaaS administration (Google Workspace Slack identity providers).
Exposure to security questionnaire platforms and trust center tooling.
Identity and access: Google Workspace SSO and MFA providers
Endpoint and device management: JAMF
Code and engineering: GitLab GitHub
Collaboration and documentation: Slack Notion Google Workspace
SaaS governance and vendor review: internal review workflows and questionnaire tooling
48000 - 60000 a year
We may use artificial intelligence (AI) tools to support parts of the hiring process such as reviewing applications analyzing resumes or assessing responses and identifying potential inconsistencies or verification signals in application materials based on available information. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans. If you would like more information about how your data is processed please contact us.