Senior Information Security Analyst
Lisbon, Portugal
2 days ago
source : Just Join IT

JIRA (nice to have)

SOC1 and SOC2 (nice to have)

ISO27001 (nice to have)

CISSP (nice to have)

Good knowledge of cloud computing environments (advanced)

Information Security risk management (advanced)

Information Security Management System (ISMS) (advanced)

Information Security (advanced)

Want to feel truly appreciated at work?

At Duco, we care about our employees. We believe in giving everyone a genuine voice in what we do and how it’s done, in communicating openly and honestly, and in empowering people to succeed.

We believe everyone should be able to feel proud of what they do. This is one reason we have super-high Glassdoor scores and reviews.

This is especially true of our Information Security Team. We know it can be a tough job and often companies regard InfoSec as ‘necessary’ rather than ‘helpful’, but that isn’t the case for us.

We see them as an integral and highly-valued part of Duco’s success. We are now growing and developing this excellent team, and this is where (hopefully!) you come in.

An exciting role with huge scope

The InfoSec team supports both our internal departments and our external stakeholders.

This is a high-profile role, working closely with the Head of Information Security, and will be integral in shaping the future of InfoSec within Duco.

The role can be based anywhere in Poland. We have an office in Wroclaw but you are allowed to work at home as well.

What you’ll be doing day to day :

  • Leading the development and maintenance of the Information Security policy framework in line with risk appetite, legislation and industry best practices
  • Maintain compliance with our security certifications and accreditations (including ISO27001 and SOC1 / 2)
  • Support the Head of Information Security to develop and maintain the Information Security strategy and operating model
  • Manage the Information Security risk framework across the tech stack and physical locations
  • Provide Information Security advice and guidance
  • Maintain an awareness of the existing and emerging threat landscape
  • Manage the response to security incidents and vulnerabilities
  • Manage the organisation of, and response to, external penetration testing activity
  • Manage the Information Security awareness training programme
  • Manage the response to client Information Security enquiries
  • Work closely with colleagues across the business to promote a strong Information Security culture and ensure compliance with Information Security policies and procedures

You'll receive a fantastic reward package :

  • Base salary reviewed annually (the starting range for this role will be 15 000 PLN - 20 000 PLN per month to fit your level of experience and the local market standard)
  • A success-sharing bonus scheme, so we recognise and reward your effort
  • Unlimited annual paid holiday, because we trust our people to manage their own time off
  • Flexible working options : you can choose to work from home, at the office, or both - whatever is best for you
  • Flexibility around working hours, as long as you’re delivering what’s needed
  • Annual allowance to help you make the best of your home working environment
  • Enhanced family leave provisions
  • Personal learning and development opportunities (we dedicate budget for this)
  • Spot rewards, so we can say thanks when you do a really great bit of work
  • Referral bonus if we hire someone great who you’ve recommended to us
  • Employee of the Month and Employee of the Year awards
  • Private medical care packages : individual, partner or family
  • Multisport card
  • Life insurance package

Interested? Great! This is what you’ll need for the role :

Ideally, you’ll have :

  • Previous experience in Information Security in a role with similar responsibilities
  • Previous experience maintaining an established Information Security Management System (ISMS)
  • Previous experience with Information Security risk management and incident management
  • Good knowledge of cloud computing environments, container based technologies and associated security controls and standards
  • Comfortable working in a fast paced and collaborative environment where you may be responsible for developing novel solutions

Bonus points if you also have :

  • Relevant industry certifications such as CISSP, CISM, CRISC
  • Previous experience maintaining accreditations such as ISO27001, SOC1 and SOC2
  • Previous experience managing Information Security assessments from clients, and conducting Information Security assessments on vendors and other third-parties
  • Knowledge of Google Workspace, JIRA and Confluence

Important point : At Duco we believe in developing potential, so we’re not necessarily looking for 'the perfect candidate' with gold medals and superpowers.

If you can’t tick every single box below but think you could be great in this role, please do apply. We want to hear from you.
