Description:
About the Company
Paybis is an international FinTech company operating in the crypto and payments space. We build secure, compliant, and user-friendly products for individual and corporate clients worldwide.
As part of strengthening our security and compliance foundations, we are expanding our Security function and are looking for an Information Security Analyst to own operational security governance, risk management, and regulatory readiness across the organization.
This role is critical to scaling Paybis’ security maturity in a regulated environment and to progressing its regulatory journey under frameworks such as MiCA and DORA.

Role Purpose
The Information Security Analyst is responsible for operational information security, governance, risk, and compliance (GRC) activities across Paybis.
The role focuses on:
* systematizing security processes,
* reducing regulatory and operational risk,
* ensuring audit-ready documentation and evidence,
* and relieving engineering and security leadership of recurring governance and compliance tasks.
Immediate priority: establish structured security governance, risk management, and third-party security processes.
Long-term priority: act as the operational backbone of the security function and a key execution partner to the CISO.

Key Responsibilities

Immediate Focus (First 3–6 Months)
* Update and maintain a centralized information security risk register with ownership and remediation tracking.
* Inventory, normalize, and maintain existing security policies, procedures, and documentation.
* Take full ownership of vendor and partner security assessments and due diligence processes.
* Support ongoing audits, regulatory inquiries, and partner security reviews.
* Document current incident response, escalation, and post-incident reporting processes.
* Close gaps between implemented security controls and formal, audit-ready documentation.

Security Governance, Risk & Compliance (Ongoing)
* Operate and continuously improve security governance processes across teams.
* Support MiCA and DORA evolution:
  * control mapping,
  * evidence preparation,
  * gap tracking and remediation follow-up.
* Prepare and maintain audit-ready evidence packages.
* Coordinate between Engineering, Legal, Compliance, Product, and Security stakeholders.
* Act as the central point of coordination for operational security governance.
* Ensure security documentation is current, version-controlled, and consistently applied.

Collaboration & Role Influence
The Information Security Analyst works closely with:
* Legal / Compliance (primary stakeholders)
* Engineering teams
* Product (partner-facing processes)
* Partnerships / Procurement (vendor risk)
Active participation is expected in:
* Partner and vendor vetting
* Internal and external audits
* Close collaboration with the CISO and security leadership

Required Experience & Expertise (Must-Have)
* 3–5 years of experience in Information Security, GRC, or Risk Management.
* Proven experience working in regulated environments (fintech, financial services, crypto, or similar).
* Strong understanding of:
  * risk management lifecycle,
  * third-party / vendor risk management,
  * ISMS fundamentals (ISO 27001 or equivalent).
* Working-level knowledge of MiCA and DORA requirements.
* Experience preparing documentation and evidence for audits or regulatory reviews.

Nice-to-Have Experience
* Fintech or crypto industry background.
* Experience supporting external auditors or regulators.
* ISO 27001 implementation or maintenance experience.
* Familiarity with SOC 2 or similar frameworks.
* Experience working closely with or reporting to a CISO.

Soft Skills
* Strong ownership mindset and ability to operate independently.
* Ability to structure ambiguity and turn ad-hoc practices into repeatable processes.
* Excellent documentation discipline and attention to detail.
* Clear, confident communication with non-technical stakeholders.
* Pragmatic, solution-oriented approach (not bureaucratic).
* Ability to influence across teams without direct authority.

What We Offer
* Strategic Impact: Direct influence on Paybis’ security and regulatory maturity.
* Growth Opportunity: Clear path into senior GRC or security leadership roles.
* Dynamic Environment: Fast-growing fintech and crypto company operating in regulated markets.
* Collaborative Culture: Close interaction with security, engineering, legal, and leadership teams.
* Flexible Working: Remote-first setup with occasional on-site workshops.
* Competitive Compensation: Salary aligned with experience, plus performance-based bonuses.

If you are a pragmatic Information Security Analyst who enjoys building structure, owning security governance, and working at the intersection of security, compliance, and business — we would be glad to meet you.