• Help Tenchi clients understand our product features and best practices for reducing cyber risk in cloud environments, ensuring the successful adoption of our product integrated into the client's third-party risk management process. • Perform routine operations to meet our clients' requests, generating insights to guide future automation of these operations. • Diagnose product-related issues and work with the technical support and engineering teams to resolve client issues efficiently. • Monitor the health of client environments and collaborate with them to drive product adoption. • Work with the product team by providing customer feedback and offering insights for product improvements and enhancements. • Proactively engage with clients to identify their needs, concerns, and areas for improvement, assisting them in achieving their cybersecurity objectives. • Track and report key metrics such as client satisfaction, product usage, and retention. • Assist in the creation and maintenance of client-facing resources, such as FAQs, product documentation, and best practice guides. • Experience with Python programming and task automation is a plus. • Experience building and maintaining QuickSight, PowerBI, and other analytics dashboards is a plus.

• Join our team as a Cybersecurity Analyst, where you'll play a critical role in assessing and analyzing cybersecurity documentation for client information systems. • You'll apply your scripting skills to develop and improve automations that streamline our assessment processes. • Your work will align with FISMA, NIST RMF for Federal Civilian Agencies, RMF for DoD IT, FedRAMP, and departmental standards, with a primary focus on FedRAMP. • Engage directly with clients through verbal communication to perform interviews for assessments, understand their needs, and provide effective solutions. • Conduct comprehensive assessments by analyzing cybersecurity documentation and performing evidence collection, interviews, and tests to evaluate compliance with relevant standards such as FISMA, NIST RMF, and FedRAMP. • Creating scripts and/or utilizing scripts to automate repetitive tasks and improve the efficiency of security assessments, reporting, and evidence collection. • Conduct system and network vulnerability scanning and analysis using tools such as Nessus/ACAS, SCC, and DISA STIGs/STIG Viewer. • Prepare clear and accurate reports and documentation, with an emphasis on creating scripts to automate analysis and report generation. • Work independently or as part of a client delivery team in a fast-paced, deadline-driven, remote environment. • Travel up to 25% for client engagements as required.

• Support Ensono’s internal audit and security control framework initiatives. • Document the Audit Process for All Ensono Audits. • Identify AI Opportunities for Internal Audit and develop solutions. • Review and update Ensono Security Control Framework (ESCF) with test procedures.

Overview: SOFTSWISS continues to expand the team and is looking for a Security Analyst. We need a true, experienced, and accomplished professional who shares our culture and values. Purpose of the role: You'll be the connective tissue between security strategy and execution across a multinational company operating in regulated markets across multiple jurisdictions. This isn't a checkbox audit role — you'll own the security assessment lifecycle for systems and processes, define security requirements and hold teams accountable to them, and coordinate work across specialized security teams to drive outcomes on cross-cutting initiatives. You'll work closely with business and technical stakeholders who move fast, and your job is to make sure security moves with them rather than behind them. Key responsibilities: - Own the security assessment lifecycle for new and existing systems, tools, and integrations — from initial scoping and risk identification through requirements definition to remediation verification - Create clear, actionable security requirements for systems and processes, and verify that implementations meet those requirements — closing the loop rather than just filing findings - Decompose complex security initiatives into concrete workstreams and coordinate their execution across specialized security teams (e.g., infrastructure security, application security, SOC), driving alignment without direct authority - Collaborate with business and technical owners to understand system purpose, data flows, and trust boundaries, translating what you find into risk language that stakeholders actually act on - Review and challenge access models as part of system assessments, ensuring permissions reflect need-to-know principles and don't silently expand over time - Contribute to strategic security projects — data security, AI governance, and other emerging areas — as both an analytical resource and a coordinator - Develop and maintain security policies and guidelines for software and technology usage across the organization Required Experience: - 3+ years of hands-on experience in cybersecurity, with meaningful exposure to security assessments, risk analysis, or GRC functions - Demonstrated ability to assess systems and integrations end-to-end — not just identifying risks but defining what "fixed" looks like and verifying it got done - Working knowledge of risk assessment methodologies, access control principles, and at least one major governance framework (ISO 27001, NIST CSF, or equivalent) - Experience operating in or alongside regulated industries — financial services, fintech, or similar high-compliance environments strongly preferred - Ability to coordinate across multiple teams and stakeholders without formal authority — you influence through clarity, preparation, and follow-through - Strong written and verbal communication in English — you'll be drafting requirements, writing assessments, and presenting findings to both technical teams and business leadership Nice to have: - Experience in multinational or multi-entity environments where regulatory landscapes vary across jurisdictions - Familiarity with AI governance, including practical challenges around shadow AI, third-party AI services, and emerging regulatory requirements (EU AI Act, etc.) - Background in data security strategy or classification — understanding how data flows across systems and where controls should sit - Track record of taking ambiguous, high-level security objectives and breaking them into structured, executable plans Our Benefits: - Full-time remote work opportunities and flexible working hours - Private insurance - Additional 1 Day Off per calendar year - Sports program compensation - Comprehensive Mental Health Programme - Free online English lessons with a native speaker - Generous referral program - Training, internal workshops, and participation in international professional conferences and corporate events.