Didomi logo
Didomi

Didomi builds technology that allows organizations to place customer consent at the core of their strategy.

Information Security Analyst

Security AnalystSecurity AnalystFull TimeRemoteSeniorTeam 51-200H1B No SponsorCompany SiteLinkedIn

Location

France

Posted

6 days ago

Salary

€48K - €60K / year

Seniority

Senior

3 yrs expEnglishAWSJamf

Job Description

Information Security Analyst

Didomi

• Help maintain and improve our ISO 27001 management system, ensuring controls remain effective, documented, and continuously evidenced. • Contribute to internal audits, surveillance audits, and recertification cycles, including the upcoming unified audit covering Didomi and recently acquired business units. • Track corrective actions, nonconformities, and continuous improvement initiatives, supporting the security team in driving them to closure. • Carry out recurring activities on the security calendar in support of the security team, including vulnerability scanning campaigns, quarterly access reviews, risk assessments, business continuity tests, and policy review cycles. • Triage vulnerability findings from AWS GuardDuty, Inspector, and other sources, then work with the Security Manager to define remediation priorities and follow them through to closure. • Run periodic access reviews across critical systems (Google Workspace, AWS, Slack, JAMF, GitLab, GitHub, and internal applications), surfacing findings to the Security Manager and helping ensure they are remediated. • Contribute to the security team's reviews of new tools, vendors, and SaaS applications for security and compliance risks before adoption. • Help the security team assess and harden internal workflows, with a particular focus on identity, access management, MFA, SSO, and data handling. • Support the security team on security questionnaires, RFPs, and customer due diligence requests. • Support the security team on broader initiatives such as AI governance, SaaS governance, and integration of acquired entities into the ISO scope.

Job Requirements

  • 3+ years of experience in a GRC, compliance, or information security analyst role, ideally within a SaaS or technology company.
  • Solid working knowledge of ISO 27001, including Annex A controls, the audit process, and how to operationalize the standard rather than treat it as paperwork.
  • Hands-on experience with vulnerability management tools and access governance processes.
  • Hands-on experience with Vanta, including running ISO 27001 (or comparable) audits end-to-end on the platform.
  • Hands-on experience with the AWS security suite, in particular GuardDuty and Inspector, including triaging findings and proposing remediation priorities.
  • Demonstrated use of AI tooling to accelerate recurring compliance and documentation work. You should be able to walk us through concrete examples of what you have built or automated.
  • A strong bias toward removing process. You actively challenge controls, paperwork, and workflows that no longer earn their keep, and you propose lighter alternatives.
  • Strong written communication in English. You can explain security topics clearly to engineers, executives, and customers alike.
  • A pragmatic mindset: you favor controls that work in practice over controls that only look good on paper.

Related Job Pages

More Security Analyst Jobs

Full TimeRemoteTeam 1,001-5,000Since 1913H1B No Sponsor

• Develop and enhance vulnerability scanning strategies to ensure comprehensive coverage • Conduct internal and external vulnerability assessments and validate scan results • Apply established vulnerability management standards to classify vulnerabilities • Categorize and prioritize assets according to criticality • Partner with EBTS teams to develop and execute vulnerability remediation plans • Track and report remediation activities • Analyze emerging cyber threats and assess potential impacts • Communicate current risk exposure and remediation efforts to senior leadership • Develop, maintain, and present vulnerability management metrics and executive reports • Create, update, and maintain policies, standards, procedures related to vulnerability management • Ensure security controls are operating effectively to satisfy audit and regulatory requirements • Assist in the development of a threat hunting program • Collaborate with internal teams to investigate, validate, and resolve vulnerability findings

New Jersey
$97.8K - $133.5K / year
Job Closed
College Board logo

Security Risk Analyst

College Board

At College Board, we offer more than a paycheck- we provide a meaningful career, a supportive team, and a comprehensive package designed to help you thrive.

Full TimeRemoteTeam 1,001-5,000

Role Description As a Security Risk Analyst, you will have the critical role of being responsible for evaluating and managing exceptions to IT security policies, for managing the Organization’s Risk and Control Issues Register (Risk Register), and for developing reports and metrics. Your strong technical communication and negotiation skills will help you build relationships and collaborate with diverse stakeholders and reduce risk to the organization and ensure compliance. Under the direction of management, you will manage the Risk Register and perform security policy exceptions to help the College Board understand its critical risks. - Manage the Risk Register (20%): - Leads the management of the issues and risks and quickly escalates any untimely completion of audit actions. - Works independently to communicate risks and works with others to problem-solve risks to tolerance levels based on data and evidence. - Maintains data quality of Risk Register and executes any required data clean-up exercises. - Understands College Board work to be able to drive Risk or Control Owners to ensure consistent application of policies and standards. - Raises awareness about Risk & Control Issues, Policy exceptions, and available risk reduction options. - Fosters a culture of risk awareness and compliance within the technology department and across the organization. - Manage Policy Exceptions (65%): - Independently analyzes policy exception submissions and provides risk assessment reports for critical service lines, applications, and infrastructure hosted on-prem and in the cloud. - Evaluates and manage exceptions to IT security policies. - Manages materials for the Exception Review Board and presents exception information to executive leadership and senior team members. - Maintains an up-to-date knowledge and understanding of IT security policies and principles. - Maintains a customer-focused attitude in all interactions with customers and colleagues. - Support Vendor Risk Management (10%): - Support the Vendor Risk Management program by understanding policies and procedures. - Perform New Vendor Risk Assessments and Reassessments. - Serve as backup to the Sr. Risk Analyst. - Manage Metrics and Reporting (5%): - Provides weekly and monthly reporting for the Risk Register and policy exceptions. - Produces trending metrics and escalate exceptions. - Performs other duties as assigned. Qualifications - 5-7 years of experience managing or supporting IT Security Risk and Control Risk Register and processing policy exceptions. - Strong understanding of risk management techniques such as risk identification, risk scoring, risk mitigation, and risk tracking. - Proven ability to lead conversations balancing risk and multiple business needs that result in positive outcomes with multiple stakeholders. - The capacity to assess risk information and make risk recommendations independently. - Strong organization and prioritization skills and the proven ability to manage multiple tasks simultaneously, both independently and as a member of the team. - Excellent verbal and written communication skills. - Experience with governance, risk, and compliance tools (e.g., OneTrust) preferred. - Experience with information security and privacy frameworks such as ISO 27001, COBIT, NIST-CSF, NIST 800-53, GDPR etc. - Current Information Security Certification (e.g., CISSP, CRISC, CISM, CISA, or related security certification) preferred or the ability to attain one within 6 months of hire. - Bachelor’s degree in computer science, cybersecurity, engineering, IT management or four years equivalent IT and security industry experience. - Vendor Risk Management policies and procedures. - Bachelor’s degree required. - The ability to travel 2-4 times a year to College Board offices or on behalf of College Board business. Benefits - At College Board, we offer more than a paycheck- we provide a meaningful career, a supportive team, and a comprehensive package designed to help you thrive. - We’re a self-sustaining nonprofit that believes in fair and competitive compensation grounded in your qualifications, experience, impact, and the market. - The hiring range for this role is $72,000–$120,000. - Your exact salary will depend on your location, experience, and how your background compares to others in similar roles at the College Board. - We aim to make our best offer upfront, rooted in fairness, transparency, and market data. - We adjust salaries by location to ensure fairness, no matter where you live. - You’ll have open, transparent conversations about compensation, benefits, and what it’s like to work at College Board throughout your hiring process.

United States
$72K - $120K / year
Gartner logo

Senior Director Analyst – Application Security, Governance

Gartner

We deliver actionable, objective insight that drives smarter decisions and stronger performance.

Full TimeRemoteTeam 10,001+Since 1979H1B Sponsor

• Create innovative, thought provoking, and highly leveraged 'must-have insights' content • Develop new insights and ideas through thought leadership and offer compelling, actionable approaches • Develop in-depth analysis to identify the root cause of a client’s barriers or overall needs • Demonstrate thought leadership in establishing Insights positions across a team of analysts • Research, analyze and predict market trends and shifts to provide clients and vendors with actionable insights • Create and deliver high value presentation materials on and off stage for Gartner events • Support BTI and Sales: Provide sales support serving as voice of the market • Identify research process improvements or develop new processes that help the team and BTI

United Kingdom
Radix logo

Cybersecurity Analyst

Radix

A Radix está sempre no topo das Melhores Empresas para se trabalhar porque: Temos profissionais comprometidos, dedicados, curiosos e inovadores. O espírito de equipe é a nossa maior força. Trabalhamos de forma cooperativa e sabemos que estamos juntos, remando na mesma direção. Temos um ambiente diverso, que valoriza equidade e inclusão. Nossa jornada de trabalho é flexível e em quase todos os projetos é possível trabalhar de qualquer lugar do Brasil. Valorizamos o bem-estar e o cuidado com as nossas pessoas, com programas de apoio à saúde mental, psiquiatra e médico consultor disponíveis.

Role Description A primeira coisa que você precisa saber é que aqui você não vai cair na rotina. A Radix desenvolve soluções para empresas de diferentes setores e indústrias. Cada projeto tem suas tecnologias, soluções e prazos e você terá oportunidade de atuar e experimentar diferentes desafios. Além da nossa atuação pelo Brasil, com escritório no Rio de Janeiro, São Paulo e Belo Horizonte, temos também filiais nos Estados Unidos, fazendo com que a Radix se consolide cada vez mais como uma empresa global. Estamos em busca de um(a) Analista de Automação e Cibersegurança para integrar nossa equipe técnica. Esse profissional será responsável por executar e garantir a integridade das atividades de segurança cibernética em ambientes industriais (OT/IACS), trabalhando em estreita colaboração com a liderança técnica para mapear riscos, desenhar arquiteturas seguras e implementar melhorias de infraestrutura industrial. - Execução e Análise Técnica: Atuar diretamente nas atividades de Cyber Security em ambientes OT/IACS, executando a reconstrução de baseline (mapeamento de topologia, fluxos de dados/dataflows, inventário de ativos e configurações). - Análise de Riscos e Vulnerabilidades: Realizar avaliações de risco baseadas nas normas de mercado (IEC 62443, TR1658, WR3058) e participar ativamente de workshops técnicos e Cyber HAZOPs. - Arquitetura e Redes: Apoiar a implementação de controles de segurança, segregação de redes industriais e configuração de acessos remotos seguros para sistemas críticos. - Garantia de Entregáveis: Elaborar documentações técnicas de alta qualidade, incluindo topologias lógicas, matrizes de fluxo de dados e relatórios de risk assessment. - Interface e Alinhamento: Colaborar e garantir a interface técnica com os times de Engenharia, Operação, TI/Segurança Corporativa, fornecedores (vendors) e suporte ao time offshore. - Melhoria Contínua: Apoiar o plano de remediação de vulnerabilidades e aplicar boas práticas de hardening em sistemas industriais. Qualifications - Experiência com Networking Roteamento e Comutação. - Formação Acadêmica: Graduação concluída em Engenharia (Automação, Elétrica, Computação ou correlatas), Ciência da Computação, Sistemas de Informação ou áreas de TI. - Experiência Prática: Experiência em projetos ou sustentação de Cyber Security voltados para ambientes de Automação Industrial (OT / IACS). - Conhecimentos em Normas e Modelos: Sólido entendimento da norma IEC 62443 e do Modelo Purdue (Arquiteturas Industriais). - Redes e Infraestrutura: Conhecimento prático em redes industriais (Layer 2/3, VLANs, roteamento e regras de Firewalls). - Habilidades Técnicas: Experiência com levantamento de ativos (assessment), análise de vulnerabilidades industriais e aplicação de hardening. - Idioma: Inglês Avançado (capacidade de escrita, leitura e conversação para interface com times globais/offshore). Requirements - Experiência prévia ou vivência em projetos do setor de Óleo e Gás (O&G). - Certificações de segurança em OT (ex: GICSP, GRID, ISA/IEC 62443 Cybersecurity Specialist). Benefits - Assistência Médica Nacional (para o titular e dependentes, com quarto privativo). - Assistência odontológica nacional (para o titular e dependentes). - Vale refeição / alimentação flexível. - Auxílio home office. - Day off (no mês do aniversário). - Wellhub (antigo Gympass). - Licença Maternidade (6 meses) e Paternidade (20 dias) estendidas. - Auxílio creche para filhos de até 3 anos (por filho). - Apoio em saúde mental com a Wellz. - Clube de Vantagens com descontos em diversos parceiros. - Convênio com instituições de ensino e cursos de idioma. - Desenvolvimento Profissional (Universidade Corporativa). - Parceria com empresa de coworkings no Brasil. - Programa de Qualidade de Vida e Bem-Estar. - Médico consultor para acompanhamento de radixers. - Planos de incentivos.

Brazil