MUST HAVES

• 4+ years of experience in cybersecurity with a focus on risk management and compliance.
• Strong understanding of vulnerability management and risk assessment methodologies (NIST RMF, ISO 27001).
• Hands-on experience with compliance frameworks (SOC2, HITRUST, PCI DSS).
• Excellent analytical skills and a collaborative approach, especially when working with IT and DevOps teams.
• Upper-Intermediate English level.

• Perform regular vulnerability scans across systems and applications; analyze findings and prioritize remediation based on business risk.
• Maintain accurate asset inventories including SBOM/HBOM for core systems.
• Collaborate with IT/DevOps teams to track and validate the remediation of security vulnerabilities.
• Coordinate evidence collection and preparation for external audits (SOC2, HITRUST, PCI DSS), reducing the operational burden on engineering teams.
• Develop and maintain internal security policies and standards aligned with compliance requirements.
• Monitor compliance posture, identify gaps, and support remediation plans.
• Conduct recurring risk assessments to identify security control weaknesses and emerging threats.
• Maintain the organization’s risk register and follow up on mitigation efforts.
• Evaluate risks related to emerging technologies, including Generative AI.
• Support incident response activities and address security inquiries from clients and partners.
• Provide day-to-day guidance on security best practices to internal stakeholders.