Own the security assessment lifecycle for new and existing systems, tools, and integrations — from initial scoping and risk identification through requirements definition to remediation verification
Create clear, actionable security requirements for systems and processes, and verify that implementations meet those requirements — closing the loop rather than just filing findings
Decompose complex security initiatives into concrete workstreams and coordinate their execution across specialized security teams (e.g., infrastructure security, application security, SOC), driving alignment without direct authority
Collaborate with business and technical owners to understand system purpose, data flows, and trust boundaries, translating what you find into risk language that stakeholders actually act on
Review and challenge access models as part of system assessments, ensuring permissions reflect need-to-know principles and don't silently expand over time
Contribute to strategic security projects — data security, AI governance, and other emerging areas — as both an analytical resource and a coordinator
Develop and maintain security policies and guidelines for software and technology usage across the organization
3+ years of hands-on experience in cybersecurity, with meaningful exposure to security assessments, risk analysis, or GRC functions
Demonstrated ability to assess systems and integrations end-to-end — not just identifying risks but defining what "fixed" looks like and verifying it got done
Working knowledge of risk assessment methodologies, access control principles, and at least one major governance framework (ISO 27001, NIST CSF, or equivalent)
Experience operating in or alongside regulated industries — financial services, fintech, or similar high-compliance environments strongly preferred
Ability to coordinate across multiple teams and stakeholders without formal authority — you influence through clarity, preparation, and follow-through
Strong written and verbal communication in English — you'll be drafting requirements, writing assessments, and presenting findings to both technical teams and business leadership
Experience in multinational or multi-entity environments where regulatory landscapes vary across jurisdictions
Familiarity with AI governance, including practical challenges around shadow AI, third-party AI services, and emerging regulatory requirements (EU AI Act, etc.)
Background in data security strategy or classification — understanding how data flows across systems and where controls should sit
Track record of taking ambiguous, high-level security objectives and breaking them into structured, executable plans
Full-time remote work opportunities and flexible working hours
Private insurance
Additional 1 Day Off per calendar year
Sports program compensation
Comprehensive Mental Health Programme
Free online English lessons with a native speaker
Generous referral program
Training, internal workshops, and participation in international professional conferences and corporate events.
Legacy Online School
Tbilisi
up to 3000 RUR