Security Analyst

Key responsibilities:
• Own the security assessment lifecycle for new and existing systems, tools, and integrations — from initial scoping and risk identification through requirements definition to remediation verification
• Create clear, actionable security requirements for systems and processes, and verify that implementations meet those requirements — closing the loop rather than just filing findings
• Decompose complex security initiatives into concrete workstreams and coordinate their execution across specialized security teams (e.g., infrastructure security, application security, SOC), driving alignment without direct authority
• Collaborate with business and technical owners to understand system purpose, data flows, and trust boundaries, translating what you find into risk language that stakeholders actually act on
• Review and challenge access models as part of system assessments, ensuring permissions reflect need-to-know principles and don't silently expand over time
• Contribute to strategic security projects — data security, AI governance, and other emerging areas — as both an analytical resource and a coordinator
• Develop and maintain security policies and guidelines for software and technology usage across the organization
Required Experience:
• 3+ years of hands-on experience in cybersecurity, with meaningful exposure to security assessments, risk analysis, or GRC functions
• Demonstrated ability to assess systems and integrations end-to-end — not just identifying risks but defining what "fixed" looks like and verifying it got done
• Working knowledge of risk assessment methodologies, access control principles, and at least one major governance framework (ISO 27001, NIST CSF, or equivalent)
• Experience operating in or alongside regulated industries — financial services, fintech, or similar high-compliance environments strongly preferred
• Ability to coordinate across multiple teams and stakeholders without formal authority — you influence through clarity, preparation, and follow-through
• Strong written and verbal communication in English — you'll be drafting requirements, writing assessments, and presenting findings to both technical teams and business leadership
Nice to have:
• Experience in multinational or multi-entity environments where regulatory landscapes vary across jurisdictions
• Familiarity with AI governance, including practical challenges around shadow AI, third-party AI services, and emerging regulatory requirements (EU AI Act, etc.)
• Background in data security strategy or classification — understanding how data flows across systems and where controls should sit
• Track record of taking ambiguous, high-level security objectives and breaking them into structured, executable plans
Our Benefits:
• Full-time remote work opportunities and flexible working hours
• Private insurance
• Additional 1 Day Off per calendar year
• Sports program compensation
• Comprehensive Mental Health Programme
• Free online English lessons with a native speaker
• Generous referral program
• Training, internal workshops, and participation in international professional conferences and corporate events.