Information Security Analyst

đŸ”„ 6 minutes ago

Apply Now
Find Similar Remote Jobs

📊 Check your resume score for this job

Improve your chances of getting an interview by checking your resume score before you apply.

Logo of Didomi

Didomi

51 - 200 employees

📋 Compliance

☁ SaaS

đŸ€ B2B

💰 Series B on 2021-07

Compliance ‱ SaaS ‱ B2B

Didomi is a leading provider of consent and preference management solutions for businesses around the world. Specializing in compliance with privacy regulations like GDPR and CPRA, Didomi helps organizations gather, manage, and streamline user consent across various digital platforms, including web, mobile, and connected TV. With products such as Consent Management Platforms (CMP) and Privacy Request tools, Didomi enables companies to build trust with their users through transparent data practices, while optimizing marketing performance and ensuring legal compliance.

📋 Description

‱ Help maintain and improve our ISO 27001 management system, ensuring controls remain effective, documented, and continuously evidenced. ‱ Contribute to internal audits, surveillance audits, and recertification cycles, including the upcoming unified audit covering Didomi and recently acquired business units. ‱ Track corrective actions, nonconformities, and continuous improvement initiatives, supporting the security team in driving them to closure. ‱ Carry out recurring activities on the security calendar in support of the security team, including vulnerability scanning campaigns, quarterly access reviews, risk assessments, business continuity tests, and policy review cycles. ‱ Triage vulnerability findings from AWS GuardDuty, Inspector, and other sources, then work with the Security Manager to define remediation priorities and follow them through to closure. ‱ Run periodic access reviews across critical systems (Google Workspace, AWS, Slack, JAMF, GitLab, GitHub, and internal applications), surfacing findings to the Security Manager and helping ensure they are remediated. ‱ Contribute to the security team's reviews of new tools, vendors, and SaaS applications for security and compliance risks before adoption. ‱ Help the security team assess and harden internal workflows, with a particular focus on identity, access management, MFA, SSO, and data handling. ‱ Support the security team on security questionnaires, RFPs, and customer due diligence requests. ‱ Support the security team on broader initiatives such as AI governance, SaaS governance, and integration of acquired entities into the ISO scope.

🎯 Requirements

‱ 3+ years of experience in a GRC, compliance, or information security analyst role, ideally within a SaaS or technology company. ‱ Solid working knowledge of ISO 27001, including Annex A controls, the audit process, and how to operationalize the standard rather than treat it as paperwork. ‱ Hands-on experience with vulnerability management tools and access governance processes. ‱ Hands-on experience with Vanta, including running ISO 27001 (or comparable) audits end-to-end on the platform. ‱ Hands-on experience with the AWS security suite, in particular GuardDuty and Inspector, including triaging findings and proposing remediation priorities. ‱ Demonstrated use of AI tooling to accelerate recurring compliance and documentation work. You should be able to walk us through concrete examples of what you have built or automated. ‱ A strong bias toward removing process. You actively challenge controls, paperwork, and workflows that no longer earn their keep, and you propose lighter alternatives. ‱ Strong written communication in English. You can explain security topics clearly to engineers, executives, and customers alike. ‱ A pragmatic mindset: you favor controls that work in practice over controls that only look good on paper.

Apply Now