Information Security Analyst at SpotMe (allows remote)
Posted 3 weeks ago
SpotMe is the worldwide leader of enterprise engagement platforms with a focus on live events, virtual and hybrid meetings, as well as long-term engagement.
The Covid19 crisis has created a big shift in the way people work, meet, and interact with one another. As a result, we’re seeing a total reset of the industry, and while this is a big change, it is also a fantastic opportunity to transform the way people engage in meetings and events.
In the past months, we have fully embraced this opportunity, and have evolved our platform and apps to match these new needs. Our agility has allowed us to adapt with the fastest possible pace, by continually delivering and deploying new features and innovations.
In parallel, we have also had to adapt the way we work, with a focus on flexibility. Our employees are now free to decide when they want to work from home, and when they come into our offices. In fact, they can work from anywhere they want in Europe or the US.
In this role, you will be providing support in maturing and optimizing information security and compliance across SpotMe global operations, and reporting directly to the CEO. Responsibilities:
- Responsible for SpotMe’s information security programs and strategic projects to further strengthen SpotMe information security governance
- Responsible for the design, implementation, review and audit of new and existing security controls
- Responsible for the ISO27001 certification
- Manage SpotMe’s existing security compliance and audit programs (including SOC 2 reporting, penetration testing, network & vulnerability scanning) as well as customer-initiated audits
- Respond to information security and data privacy due diligence requests from customers
- Conduct risk assessments with internal parties and with 3rd party vendors; monitor and support reporting on risk reduction activities; drive corrective actions to mitigate vulnerability risks
- Support executive and technology management with organization, process and architecture recommendations; define the organizational security posture, best practices, mailing lists and threat intelligence feeds reviews, as well as input to security governance and policy
- Conduct internal audits to ensure that compliance towards established standards is maintained
- Foster a security culture with the teams and deliver annual internal training programs
- Govern disaster recovery (DR) and business continuity (BC) plans and related procedures
- Maintain documentation of projects, plans and actions taken towards information security
- Report to executive and engineering teams on governance and policy violations
Required skills and experience:
- 3+ years of experience in information security, auditing or consulting with high-growth technology businesses
- Understanding of, and implementation experience with ISO 27001:2013 and AICPA SOC 2 attestation standards
- Understanding of, and compliance experience with the EU General Data Protection Regulation (GDPR)
- Knowledge of common vulnerability frameworks and system, application and database hardening techniques and practices
- Knowledge of networking standards (Ethernet, WLAN, TCP/IP, DNS) and Linux networking tools
- CISSP certification or equivalent is required
- Excellent English in verbal and written communications
- Keen to deliver to the highest existing standard with an uncompromised attention to detail
- Deliver on time and to specification levels
- Confident, proactive, self-starter, organized
- Collaborative approach to problem-solving
- This is an independent role that requires a team player for implementation
- Willing and able to take responsibility for his/her actions and for the team delivery
- Curios and open minded
- Excellent listening and communication skills, as well as willingness to help others
- Possesses a solid dose of common sense
Do you want to join us in this exciting adventure? Please do not hesitate to reach out to us.