Information Security Analyst
Role details
Job location
Tech stack
Job description
- Compliance & Audit Leadership: Support the maintenance of our compliance frameworks, specifically ISO 27001 and SOC2 Type II. You will need to be comfortable being a primary point of contact for external auditors.
- Client Assurance: Own the end-to-end process for Client Audits and Security RFIs, translating our complex technical controls into clear, professional, and digestible responses for stakeholders.
- Cloud Governance: Apply a GRC lens to our cloud environment, ensuring that our AWS infrastructure aligns with best practices (CIS benchmarks) and triage alerts in line with our internal risk appetite.
- Incident Management & Triage: Monitor security tools and act as a first-to-second responder for alert triage. You'll manage the lifecycle of security incidents, from discovery to post-mortem.
- Third-Party Risk Management: Conduct thorough due diligence on suppliers, integrations , ensuring our supply chain meets our rigorous security standards.
- Risk-Based Decision Making: Conduct risk assessments across the business, providing actionable advice that balances security requirements with operational efficiency.
- Security Automation: Identify opportunities to automate manual GRC and SecOps tasks to increase the team's velocity.
Requirements
We are looking for a versatile, proactive mid-Level Security Analyst to join our lean but high-impact security team. This "generalist" role offers a 360-degree view of Information Security and is designed for someone who thrives on variety-one day you'll be leading a SOC 2 audit, and the next you'll be triaging a security alert or refining our AWS security posture., * 3-5 years experience in Information Security, with a proven track record in a 'full stack' security or GRC role
- Experience triaging alerts (CSPM/SIEM/EDR), incident management and a foundational understanding of cloud native security tools
- You enjoy creating processes where none exist and can move from "problem identified" to "solution implemented" independently.
- You've led SOC2 or ISO27001 audits and know how to manage evidence collection, auditor expectations and communicate to stakeholders effectively.
- Relevant certifications are a plus (CISA, CISSP), but we value functional experience and the ability to apply security principles to real-world business problems above all else.
Benefits & conditions
- We're excited to offer Share Options as part of our compensation package.
- 20 days of PTO per year + public holidays, and we want you to take all of them!
- 3 volunteer days to use for any charitable/voluntary cause you would like.
- A top-tier private health insurance package.
- 401k contribution plan
- Work from home stipends
- A personal learning and development budget through Learnerbly. You'll be supported in your quest for knowledge, whatever that looks like to you.
- If you're thinking of starting or growing your family, then you'll be in great company - more than half of our team are parents and we've built a globally consistent parental leave approach that we're proud of.
- Employee Referral Scheme.
- Safeguarding the mental health of our teams is paramount for us. If you'd like to, then you'll be able to avail yourself of multiple Cutover mental health initiatives, from fully subsidized therapy sessions to subscriptions to leading wellbeing platforms.
Target compensation package: $145,000-155,000 base salary + stock options + benefits
The final offer may vary from the target compensation package, taking into consideration factors such as your experience level and skill set. If we aren't aligned on salary at this stage, we'd still love to hear from you to better understand if there are more suitable opportunities at Cutover.
Diversity Statement - Empowering Our Teams
We encourage our team to bring their authentic selves to work, which we have found has strengthened workplace relationships and fostered a genuine sense of community.
