Security Test Lead

Job Description:

The Information Security and Compliance Analyst will be a member of the information security team and will assist with a wide range of information security tasks including, but not limited to, ISMS policy, SOC and procedure creation and improvement, and the auditing and review of technical controls. In this position, the successful candidate will work closely with teams across the organization, including HR, accounting, administration, IT, and engineering, to ensure that our standards are both sufficient to maintain our security posture and adhered to by all parts of the organization.
The Analyst will be expected to:

  • Enhance risk and compliance strategy in alignment with internal controls, audit and business requirements and objectives.
  • Review, assess and document current internal controls.
  • Translate legal and regulatory requirements into a unified collection of processes and provide the respective stakeholders with compliance requirements and methodologies.
  • Collaborate with engineering, product and cloud teams to ensure security compliance and continually improve processes.
  • Maintain a risk register and manage risk mitigation plans.
  • Manage security incidents.
  • Facilitate internal & external audits and conduct reviews to verify compliance.
  • Facilitate Client assessments.
  • Support the client RFP process and the negotiation of security and data protection requirements in client agreements.
  • Collaborate with the privacy team and the data management team on implementation of global policies.
  • Define risk and compliance metrics and provide monthly reporting to management, including gaps in policy and proposed resolutions.
  • Keep domain knowledge current by tracking incoming regulations, maintaining knowledge of relevant frameworks and standards, participating in educational opportunities, reading professional publications, maintaining personal networks, participating in professional organizations, and obtaining relevant certifications.

Experience & Qualifications

  • Must hold a degree, preferably in Computer Science, Computer Applications or Business Administration.
  • Demonstrated hands-on experience performing key information security operational activities.
  • Possess excellent listening skills and proficient oral and written communications.
  • Have a proven ability to work effectively in a loosely structured team environment that demands a high degree of cooperation, flexibility, teaming, cross group and real-time responsiveness.
  • 4+ years of experience in information security compliance, audit and/or risk management in a technology environment.
  • Experience facilitating external assessments, such as security audits or regulatory inquiries.
  • Excellent written and verbal communication skills, as demonstrated by prior experience writing policies and/or providing company-wide trainings.
  • Ability to synthesize both complex and ambiguous requirements into actionable plans, as demonstrated through prior experience managing cross-functional programs.
  • Ability to foresee security and privacy risks and identify reasonable mitigation strategies that fit the business context.
  • People-oriented with the ability to build relationships, persuade stakeholders and manage conflict across a variety of functions and skill levels.
  • Knowledge of security control frameworks and standards such as SOC 2, ISO 27001, NIST, ITIL practices, GRC and CSA CCM desirable.
  • Knowledge of current and impending regulatory requirements applicable to technology organizations, such as GDPR and the EU Artificial Intelligence Act desirable.
  • Familiarity with application security control models such as OWASP SAMM desirable.
  • Experience with ISO compliance.
  • Ability to identify control gaps and support remediation of findings.
  • Ability to contribute to internal ISO 27001 assessments.