• Analyze and report organizational and system security posture trends, including monitoring activities related to database security risks • Apply security policies and cybersecurity principles to ensure systems meet defined security objectives and requirements • Assess access control implementations to ensure alignment with least privilege and need-to-know principles • Evaluate configuration management, change management and release management processes for security compliance • Assess and monitor cybersecurity practices associated with system implementation, testing and operational activities • Assess the effectiveness of implemented security controls, including controls protecting databases and data stores, and identify areas requiring improvement • Ensure systems security operations and maintenance activities are properly documented and kept current • Implement security measures to resolve vulnerabilities, mitigate risks and support system confidentiality, integrity, availability, authentication and non-repudiation • Support security testing of applications and systems, including identifying security deficiencies and supporting remediation or risk acceptance processes • Conduct security architecture reviews, identify gaps and contribute to the development of security risk management plans • Support Risk Management Framework (RMF) activities and related documentation, including lifecycle support plans, operational procedures and system documentation updates • Collaborate with stakeholders to resolve security incidents, address vulnerabilities and ensure minimum security requirements are implemented across applications

• Support Ensono’s internal audit and security control framework initiatives. • Document the Audit Process for All Ensono Audits. • Identify AI Opportunities for Internal Audit and develop solutions. • Review and update Ensono Security Control Framework (ESCF) with test procedures.

Overview: SOFTSWISS continues to expand the team and is looking for a Security Analyst. We need a true, experienced, and accomplished professional who shares our culture and values. Purpose of the role: You'll be the connective tissue between security strategy and execution across a multinational company operating in regulated markets across multiple jurisdictions. This isn't a checkbox audit role — you'll own the security assessment lifecycle for systems and processes, define security requirements and hold teams accountable to them, and coordinate work across specialized security teams to drive outcomes on cross-cutting initiatives. You'll work closely with business and technical stakeholders who move fast, and your job is to make sure security moves with them rather than behind them. Key responsibilities: - Own the security assessment lifecycle for new and existing systems, tools, and integrations — from initial scoping and risk identification through requirements definition to remediation verification - Create clear, actionable security requirements for systems and processes, and verify that implementations meet those requirements — closing the loop rather than just filing findings - Decompose complex security initiatives into concrete workstreams and coordinate their execution across specialized security teams (e.g., infrastructure security, application security, SOC), driving alignment without direct authority - Collaborate with business and technical owners to understand system purpose, data flows, and trust boundaries, translating what you find into risk language that stakeholders actually act on - Review and challenge access models as part of system assessments, ensuring permissions reflect need-to-know principles and don't silently expand over time - Contribute to strategic security projects — data security, AI governance, and other emerging areas — as both an analytical resource and a coordinator - Develop and maintain security policies and guidelines for software and technology usage across the organization Required Experience: - 3+ years of hands-on experience in cybersecurity, with meaningful exposure to security assessments, risk analysis, or GRC functions - Demonstrated ability to assess systems and integrations end-to-end — not just identifying risks but defining what "fixed" looks like and verifying it got done - Working knowledge of risk assessment methodologies, access control principles, and at least one major governance framework (ISO 27001, NIST CSF, or equivalent) - Experience operating in or alongside regulated industries — financial services, fintech, or similar high-compliance environments strongly preferred - Ability to coordinate across multiple teams and stakeholders without formal authority — you influence through clarity, preparation, and follow-through - Strong written and verbal communication in English — you'll be drafting requirements, writing assessments, and presenting findings to both technical teams and business leadership Nice to have: - Experience in multinational or multi-entity environments where regulatory landscapes vary across jurisdictions - Familiarity with AI governance, including practical challenges around shadow AI, third-party AI services, and emerging regulatory requirements (EU AI Act, etc.) - Background in data security strategy or classification — understanding how data flows across systems and where controls should sit - Track record of taking ambiguous, high-level security objectives and breaking them into structured, executable plans Our Benefits: - Full-time remote work opportunities and flexible working hours - Private insurance - Additional 1 Day Off per calendar year - Sports program compensation - Comprehensive Mental Health Programme - Free online English lessons with a native speaker - Generous referral program - Training, internal workshops, and participation in international professional conferences and corporate events.

Monitor for security threats, support technical security projects, maintain protective measures, and document risk management while effectively communicating with business leaders to ensure proper data handling and compliance.