Information Security Analyst

SptM - ISA


  • 3+ years of experience in information security, auditing or consulting with high-growth technology businesses
  • Understanding of, and implementation experience with ISO 27001:2013 and AICPA SOC 2 attestation standards
  • Understanding of, and compliance experience with the EU General Data Protection Regulation (GDPR)
  • Knowledge of common vulnerability frameworks and system, application and database hardening techniques and practices
  • Knowledge of networking standards (Ethernet, WLAN, TCP/IP, DNS) and Linux networking tools
  • Information security certifications, such as CISSP, CISA or their equivalent, are a plus
  • Excellent English verbal, presentation and written communication skills


In this role, you will support the maturing and optimization of information security and compliance across SpotMe global operations. Reporting to the VP Engineering, with a dotted line to the CloudOps Team Lead, you will be responsible for the following:

  • Responsible for SpotMe information security programs and strategic projects to further strengthen SpotMe information security governance
  • Responsible for the design, implementation, review and audit of new and existing security controls
  • Manage our existing security compliance and audit programs (including SOC 2 reporting, penetration testing, network & vulnerability scanning) as well as customer-initiated audits
  • Respond to information security and data privacy due diligence requests from customers
  • Conduct risk assessments with internal parties and with 3rd party vendors; monitor and support reporting on risk reduction activities; drive corrective actions to mitigate vulnerability risks
  • Support executive and technology management with organization, process and architecture recommendations; define the organization's security posture and best practices; review mailing lists and threat intelligence feeds; and provide input to security governance and policy
  • Conduct internal audits to ensure compliance with standards is maintained
  • Foster a security culture with the teams and deliver annual internal training programs
  • Govern disaster recovery (DR) and business continuity (BC) plans and related procedures
  • Maintain documentation of projects, plans and actions taken towards information security