Logo for Didomi

Information Security Analyst

Key Facts

Remote From: 
Freelance
Mid-level (2-5 years)
English

Other Skills

  • •
    Governance
  • •
    Communication
  • •
    Problem Solving
  • •
    Collaboration

Roles & Responsibilities

  • 3+ years of experience in a GRC, compliance, or information security analyst role, ideally within a SaaS or technology company
  • Solid working knowledge of ISO 27001, including Annex A controls and the audit process
  • Hands-on experience with vulnerability management tools and access governance processes
  • Strong written communication in English

Requirements:

  • Help maintain and improve our ISO 27001 management system, ensuring controls remain effective, documented, and continuously evidenced
  • Carry out recurring activities on the security calendar in support of the security team, including vulnerability scanning campaigns and quarterly access reviews
  • Contribute to the security team's reviews of new tools, vendors, and SaaS applications for security and compliance risks before adoption
  • Support the security team on broader initiatives such as AI governance and SaaS governance

Job description

We are looking for an Information Security Analyst to join our Security & IT team and become the operational backbone of our ISO 27001 program. You will support the day-to-day work that keeps Didomi audit-ready year-round and run recurring security activities across the company.

This role is roughly 80% recurring compliance work: evidence collection, audit preparation, access reviews, vendor reviews, and security questionnaire responses. Leverage is the whole game. We want someone who reaches for automation and AI tooling as a default and who actively pushes back on process that no longer earns its keep, rather than someone who accepts that compliance work has to be slow or manual.

This role reports to the Security Manager.

The responsibilities are as follows:


ISO 27001 program and audit readiness
  • Help maintain and improve our ISO 27001 management system, ensuring controls remain effective, documented, and continuously evidenced.
  • Contribute to internal audits, surveillance audits, and recertification cycles, including the upcoming unified audit covering Didomi and recently acquired business units.
  • Track corrective actions, nonconformities, and continuous improvement initiatives, supporting the security team in driving them to closure.

  • Security operations and recurring activities
  • Carry out recurring activities on the security calendar in support of the security team, including vulnerability scanning campaigns, quarterly access reviews, risk assessments, business continuity tests, and policy review cycles.
  • Triage vulnerability findings from AWS GuardDuty, Inspector, and other sources, then work with the Security Manager to define remediation priorities and follow them through to closure.
  • Run periodic access reviews across critical systems (Google Workspace, AWS, Slack, JAMF, GitLab, GitHub, and internal applications), surfacing findings to the Security Manager and helping ensure they are remediated.

  • Cross-functional security support
  • Contribute to the security team's reviews of new tools, vendors, and SaaS applications for security and compliance risks before adoption.
  • Help the security team assess and harden internal workflows, with a particular focus on identity, access management, MFA, SSO, and data handling.
  • Support the security team on security questionnaires, RFPs, and customer due diligence requests.
  • Support the security team on broader initiatives such as AI governance, SaaS governance, and integration of acquired entities into the ISO scope.

  • Preferred skills & experience
  • 3+ years of experience in a GRC, compliance, or information security analyst role, ideally within a SaaS or technology company.
  • Solid working knowledge of ISO 27001, including Annex A controls, the audit process, and how to operationalize the standard rather than treat it as paperwork.
  • Hands-on experience with vulnerability management tools and access governance processes.
  • Hands-on experience with Vanta, including running ISO 27001 (or comparable) audits end-to-end on the platform.
  • Hands-on experience with the AWS security suite, in particular GuardDuty and Inspector, including triaging findings and proposing remediation priorities.
  • Demonstrated use of AI tooling to accelerate recurring compliance and documentation work. You should be able to walk us through concrete examples of what you have built or automated.
  • A strong bias toward removing process. You actively challenge controls, paperwork, and workflows that no longer earn their keep, and you propose lighter alternatives.
  • Strong written communication in English. You can explain security topics clearly to engineers, executives, and customers alike.
  • A pragmatic mindset: you favor controls that work in practice over controls that only look good on paper.

  • Nice to have
  • Experience supporting HIPAA or HITRUST programs, and comfort mapping requirements across frameworks.
  • Familiarity with cloud environments (AWS in particular) and with common SaaS administration (Google Workspace, Slack, identity providers).
  • Exposure to security questionnaire platforms and trust center tooling.

  • Tools you’ll work with on a regular basis
  • Compliance and GRC: Vanta
  • Cloud and security monitoring: AWS, AWS GuardDuty, AWS Inspector, AWS Security Hub
  • Identity and access: Google Workspace, SSO and MFA providers
  • Endpoint and device management: JAMF
  • Code and engineering: GitLab, GitHub
  • Collaboration and documentation: Slack, Notion, Google Workspace
  • SaaS governance and vendor review: internal review workflows and questionnaire tooling
  • Information Security Analyst Related jobs

    Other jobs at Didomi

    We help you get seen. Not ignored.

    We help you get seen faster — by the right people.

    🚀

    Auto-Apply

    We apply for you — automatically and instantly.

    Save time, skip forms, and stay on top of every opportunity. Because you can't get seen if you're not in the race.

    ✨

    AI Match Feedback

    Know your real match before you apply.

    Get a detailed AI assessment of your profile against each job posting. Because getting seen starts with passing the filters.

    Upgrade to Premium. Apply smarter and get noticed.

    Upgrade to Premium

    Join thousands of professionals who got noticed and hired faster.