• Join our team as a Cybersecurity Analyst, where you'll play a critical role in assessing and analyzing cybersecurity documentation for client information systems. • You'll apply your scripting skills to develop and improve automations that streamline our assessment processes. • Your work will align with FISMA, NIST RMF for Federal Civilian Agencies, RMF for DoD IT, FedRAMP, and departmental standards, with a primary focus on FedRAMP. • Engage directly with clients through verbal communication to perform interviews for assessments, understand their needs, and provide effective solutions. • Conduct comprehensive assessments by analyzing cybersecurity documentation and performing evidence collection, interviews, and tests to evaluate compliance with relevant standards such as FISMA, NIST RMF, and FedRAMP. • Creating scripts and/or utilizing scripts to automate repetitive tasks and improve the efficiency of security assessments, reporting, and evidence collection. • Conduct system and network vulnerability scanning and analysis using tools such as Nessus/ACAS, SCC, and DISA STIGs/STIG Viewer. • Prepare clear and accurate reports and documentation, with an emphasis on creating scripts to automate analysis and report generation. • Work independently or as part of a client delivery team in a fast-paced, deadline-driven, remote environment. • Travel up to 25% for client engagements as required.

• Analyze and report organizational and system security posture trends, including monitoring activities related to database security risks • Apply security policies and cybersecurity principles to ensure systems meet defined security objectives and requirements • Assess access control implementations to ensure alignment with least privilege and need-to-know principles • Evaluate configuration management, change management and release management processes for security compliance • Assess and monitor cybersecurity practices associated with system implementation, testing and operational activities • Assess the effectiveness of implemented security controls, including controls protecting databases and data stores, and identify areas requiring improvement • Ensure systems security operations and maintenance activities are properly documented and kept current • Implement security measures to resolve vulnerabilities, mitigate risks and support system confidentiality, integrity, availability, authentication and non-repudiation • Support security testing of applications and systems, including identifying security deficiencies and supporting remediation or risk acceptance processes • Conduct security architecture reviews, identify gaps and contribute to the development of security risk management plans • Support Risk Management Framework (RMF) activities and related documentation, including lifecycle support plans, operational procedures and system documentation updates • Collaborate with stakeholders to resolve security incidents, address vulnerabilities and ensure minimum security requirements are implemented across applications

• Support Ensono’s internal audit and security control framework initiatives. • Document the Audit Process for All Ensono Audits. • Identify AI Opportunities for Internal Audit and develop solutions. • Review and update Ensono Security Control Framework (ESCF) with test procedures.

Overview: SOFTSWISS continues to expand the team and is looking for a Security Analyst. We need a true, experienced, and accomplished professional who shares our culture and values. Purpose of the role: You'll be the connective tissue between security strategy and execution across a multinational company operating in regulated markets across multiple jurisdictions. This isn't a checkbox audit role — you'll own the security assessment lifecycle for systems and processes, define security requirements and hold teams accountable to them, and coordinate work across specialized security teams to drive outcomes on cross-cutting initiatives. You'll work closely with business and technical stakeholders who move fast, and your job is to make sure security moves with them rather than behind them. Key responsibilities: - Own the security assessment lifecycle for new and existing systems, tools, and integrations — from initial scoping and risk identification through requirements definition to remediation verification - Create clear, actionable security requirements for systems and processes, and verify that implementations meet those requirements — closing the loop rather than just filing findings - Decompose complex security initiatives into concrete workstreams and coordinate their execution across specialized security teams (e.g., infrastructure security, application security, SOC), driving alignment without direct authority - Collaborate with business and technical owners to understand system purpose, data flows, and trust boundaries, translating what you find into risk language that stakeholders actually act on - Review and challenge access models as part of system assessments, ensuring permissions reflect need-to-know principles and don't silently expand over time - Contribute to strategic security projects — data security, AI governance, and other emerging areas — as both an analytical resource and a coordinator - Develop and maintain security policies and guidelines for software and technology usage across the organization Required Experience: - 3+ years of hands-on experience in cybersecurity, with meaningful exposure to security assessments, risk analysis, or GRC functions - Demonstrated ability to assess systems and integrations end-to-end — not just identifying risks but defining what "fixed" looks like and verifying it got done - Working knowledge of risk assessment methodologies, access control principles, and at least one major governance framework (ISO 27001, NIST CSF, or equivalent) - Experience operating in or alongside regulated industries — financial services, fintech, or similar high-compliance environments strongly preferred - Ability to coordinate across multiple teams and stakeholders without formal authority — you influence through clarity, preparation, and follow-through - Strong written and verbal communication in English — you'll be drafting requirements, writing assessments, and presenting findings to both technical teams and business leadership Nice to have: - Experience in multinational or multi-entity environments where regulatory landscapes vary across jurisdictions - Familiarity with AI governance, including practical challenges around shadow AI, third-party AI services, and emerging regulatory requirements (EU AI Act, etc.) - Background in data security strategy or classification — understanding how data flows across systems and where controls should sit - Track record of taking ambiguous, high-level security objectives and breaking them into structured, executable plans Our Benefits: - Full-time remote work opportunities and flexible working hours - Private insurance - Additional 1 Day Off per calendar year - Sports program compensation - Comprehensive Mental Health Programme - Free online English lessons with a native speaker - Generous referral program - Training, internal workshops, and participation in international professional conferences and corporate events.