Information Security Analyst

About the role

The Information Security Analyst will protect customer and company data, support the company’s reputation, and help shape a modern security posture. Working within a global Infosec team, you will collaborate with stakeholders across technology, legal and business units to drive security initiatives.

Key responsibilities

• Assess and monitor the security posture of platforms and systems, tracking remediation tasks to close gaps.
• Partner with technology, legal and business teams to embed security requirements into projects, services and vendor relationships.
• Conduct regular technical assessments to ensure compliance with internal policies and external standards.
• Identify and document risks related to third‑party vendors, cloud infrastructure, access management and system configurations.
• Evaluate and recommend security technologies such as DLP, EDR, network segmentation and cloud security tools.
• Align activities with the global Information Security Management System (ISMS) based on ISO/IEC 27001:2022 and frameworks like NIST.
• Maintain documentation of security processes, audit reports, compliance controls and risk assessments.
• Use automation tools to perform compliance checks and generate reports.
• Stay up‑to‑date with industry trends, regulations and emerging threats, proposing enhancements to the security baseline.
• Contribute to security awareness programs and mentor colleagues to foster a strong security culture.

Required profile

• Bachelor’s degree or higher in Computer Science, Cybersecurity or a related field.
• Experience in risk assessment, security assessment and remediation planning.
• Ability to work collaboratively with global and cross‑functional teams.
• Strong understanding of security frameworks and compliance requirements.

Required skills

• Data Loss Prevention (DLP) solutions.
• Endpoint Detection and Response (EDR) tools.
• Network segmentation techniques.
• Cloud security tools and cloud infrastructure risk management.
• ISO/IEC 27001:2022 knowledge.
• NIST framework familiarity.
• Security automation and compliance reporting tools.