Security Lead

3+ years of experience in information security, IT audit, or digital investigations. Solid understanding of ISO 27001, GDPR, and modern security frameworks (NIST CSF / NIS2). Hands-on experience with SIEM / EDR systems. Proven ability to manage SSO, MFA, DLP, and MDM environments. Strong communication skills in English (B2 or higher). Analytical mindset, integrity, and attention to detail. CISSP, CISM, CEH, ISO 27001 Lead Auditor, AWS Security Specialty (preferred). Experience with Zero Trust, PAM, DLP/CASB, or SOAR platforms (preferred). Forensics experience (preferred). Experience in designing awareness programs or running phishing simulations (preferred).

Maintain and improve ISO/IEC 27001:2022 Information Security Management System (ISMS). Foster a strong Security-First mindset across the organization. Enhance internal security controls with CTO, Head of IT, and DevOps. Conduct internal audits, risk assessments, and coordinate certification renewals. Update security policies and controls in line with ISO 27001, GDPR, NIST CSF, and NIS2 principles. Manage integrations and alerting within Datadog SIEM, CrowdStrike, Cloudflare, and Google Workspace. Support DLP implementation and maintain central tracking of security events. Document risks, incidents, and corrective actions for continuous compliance. Lead investigations into security incidents (phishing, data leakage, unauthorized access). Collect and analyze digital evidence across systems (CrowdStrike, Cloudflare, Google, Slack). Maintain and enhance incident response playbooks and escalation workflows. Collaborate with HR, Legal, and IT teams during internal investigations. Produce post-incident reports and recommend remediation measures. Manage MDM systems (Zoho MDM, Endpoint Central) and ensure macOS endpoint compliance. Maintain CrowdStrike Falcon configurations and endpoint posture enforcement. Oversee SSO, MFA, and 2FA enforcement across services (Google SSO, DUO Mobile, 1Password). Implement Just-in-Time (JIT) privilege elevation and regular admin access reviews. Perform Quarterly RAS Access Management Reviews. Maintain a consistent audit trail for access management.