Senior Information Security Risk Analyst

Description

We are looking for a proactive and detail-oriented Information Security Specialist to lead and manage our cybersecurity governance and risk function. The ISO is responsible for ensuring that our security posture aligns with business objectives, regulatory requirements, and recognized security frameworks (e.g., ISO/IEC 27001, NIST CSF, SOC 2, DORA, NIS2, GDPR). This role acts as a key liaison between technical teams, executive management, and external stakeholders (e.g., auditors, regulators, clients).

• Develop, review, and enforce information security policies, ensuring they align with business and regulatory needs (e.g., DORA, GDPR, NIS2).
• Maintain and enhance the Risk Register, performing control gap analysis and tracking mitigation actions.
• Coordinate external audits/certification efforts (e.g., SOC 2, ISO 27001, SWIFT CSP, PCI DSS, NCSC CAF, NYDFS NYCRR 500, SEC Cyber Rules, CPS 234).
• Provide security input to change management, procurement, new projects, and system design reviews.
• Maintain the third-party risk program: conduct security due diligence, review vendor assessments.
• Own and maintain the Information Security Management System (ISMS) and all related policies, standards, procedures, and guidelines.
• Map security controls to regulatory and industry standards (e.g., ISO/IEC 27001, NIST CSF 2.0).
• Establish formal channels for incident communication.
• Define and manage security metrics, KPIs, and KRIs for dashboards and board-level reporting.
• Validate alignment with regulatory expectations (e.g., DORA RTS) regarding patch timelines, exposure windows, and remediation governance.
• Participate in or lead Security Steering Committees and workstreams.
• Lead the design and execution of cybersecurity risk assessments across systems, vendors, projects, and business units.
• Oversee the implementation of controls by the first line (e.g., SOC, DevOps, Infrastructure) and challenge their effectiveness.
• Promote a culture of security across all departments, from developers to executives.
• Lead the security awareness training program, phishing simulations, and targeted security education campaigns.
• Review metrics and risk reports, challenge first-line remediation owners, and escalate unresolved high-risk exposures to governance bodies or senior management.
• Provide second-line oversight of the global vulnerability management program, ensuring regular scanning, risk-based prioritization, remediation tracking, and exception handling across all environments (cloud, endpoint, SaaS, network).
• Support Privacy, Legal, and Compliance teams in data protection impact assessments (DPIAs), breach reporting, and third-party compliance.

Requirements

• Experience operating under regulatory environments such as DORA, GDPR, NIS2, FCA.
• Ability to engage both technical and non-technical stakeholders and bridge the gap between business risk and technical controls.
• Capable of operating independently and taking ownership of key risk initiatives.
• Strong understanding of information security frameworks: ISO/IEC 27001/2, NIST CSF, NIST 800-53, CIS Controls v8, SOC 2.
• Politically aware and able to challenge constructively within complex environments
• Excellent risk analysis, documentation, and stakeholder communication skills.
• Familiarity with tools like GRC platforms, risk registers, CMDBs, SIEM dashboards, or compliance automation tools.
• Structured, analytical mindset with strong organizational skills.
• 5+ years in cybersecurity, with at least 2 years in a governance/risk/compliance role.
• Preferred Certifications: GRC / Audit / Risk: ISO 27001 Lead Implementer / Auditor, CRISC, CISM, CISA, CISSP, CDPSE or similar

Benefits

We welcome people from all backgrounds who seek the opportunity to help build a future where we connect the dots for international property payments. If you have the curiosity, passion, and collaborative spirit, work with us, and let’s move the world of PropTech forward, together.

Bonus points

Training + Development

Interview process

Visa Sponsorship

Security clearance