Information Security Analyst

Sofia, Bulgaria

Full time

Permanent

Suitcase icon.

Job description

Why SpotMe?
Our values (Encourage curiosity, Keep improving, Always be respectful & positive) are not just bullet points on a slide. They guide every person at SpotMe and make us who we are. In fact, they are the primary reason we are able to grow as rapidly as we have since our founding in 2001. Our product is a no-code platform that allows anyone in HR, Marketing or Sales create an individualized app experience.

In this role, you will be providing support in maturing and optimizing information security and compliance across SpotMe global operations, and reporting directly to the CEO.

Responsibilities:
• Responsible for SpotMe’s information security programs and strategic projects to further strengthen SpotMe information security governance
• Responsible for the design, implementation, review and audit of new and existing security controls
• Responsible for the ISO27001 certification
• Manage SpotMe’s security compliance and audit programs as well as customer-initiated audits
• Respond to information security and data privacy due diligence requests from customers
• Conduct risk assessments with internal parties and with 3rd party vendors
• Monitor and support reporting on risk reduction activities and drive corrective actions to mitigate vulnerability risks
• Support executive and technology management with organization, process and architecture recommendations
• Define the organizational security posture, best practices, threat intelligence feeds reviews
• Conduct internal audits to ensure that compliance towards established standards is maintained
• Foster a security culture with the teams and deliver annual internal training programs
• Govern disaster recovery (DR) and business continuity (BC) plans and related procedures 
• Maintain documentation of projects, plans and actions taken towards information security 
• Report to executive and engineering teams on governance and policy violations 

List icon.

Key requirements

Skills and experience:
• 3+ years of experience in information security, auditing or consulting with technology businesses
• Understanding of, and implementation experience with ISO 27001:2013 and AICPA SOC 2 attestation standards
• Understanding of, and compliance experience with the EU GDPR
• Knowledge of common vulnerability frameworks and system, appl and database hardening techniques and practices 
• Knowledge of networking standards (e.g.Ethernet, WLAN, TCP/IP, DNS) and Linux networking tools 
• CISSP certification or equivalent is required
• Excellent English in verbal and written communications


Your personality:
• Keen to deliver to the highest existing standard with an uncompromised attention to detail
• Deliver on time and to specification levels
• Confident, proactive, self-starter, organized
• Collaborative approach to problem-solving
• This is an independent role that requires a team player for implementation
• Willing and able to take responsibility for his/her actions and for the team delivery
• Curios and open minded
• Excellent listening and communication skills, as well as willingness to help others

Folder icon.

Other details:

Location: Sofia

Employment: Full time