IT Security & Compliance Lead - Remote

Budapest, Budapest, Hungary

Applications have closed

Zyte

Access clean, valuable data with web scraping services that drive your business forward. 14 day free trial available.


At Zyte, we eat data for breakfast and you can eat your breakfast anywhere and work for Zyte. Founded in 2010, we are a globally distributed team of over 260 Zytans working from over 28 countries who are on a mission to enable our customers to extract the data they need to continue to innovate and grow their businesses. We believe that all businesses deserve a smooth pathway to data.

For more than a decade, Zyte has led the way in building powerful, easy-to-use tools to collect, format, and deliver web data, quickly, dependably, and at scale. And today, the data we extract helps thousands of organizations make smarter business decisions, secure competitive advantage, and drive sustainable growth. Today, over 3,000 companies and 1 million developers rely on our tools and services to get the data they need from the web.

We are looking for a senior Information Security & Compliance engineer, who enjoys security work and possesses both deep and wide expertise in the security space, to take the lead of the security & compliance team. You will directly report to the Head of IT and work closely with Infrastructure, DevOps, and Product teams to improve the overall security posture at Zyte and support our Information Security program/roadmap.

Roles & Responsibilities:

  • Information Security Program / Roadmap
  • Information Security Management System (ISMS)
  • Information Security Policies and Procedures
  • Threat and Vulnerability Management
  • Security Projects - InfoSec Measures & Controls Initiatives / Research of Security Technologies
  • Application Security Testing
  • Identity and Access Management | Access Security
  • Security Incident Management
  • Encryption and Key Management
  • Penetration Testing, including Third Party pen-testing
  • Governance, Risk Management, and Compliance:
    • GRC: Internal Security Audits / Risk Assessments
    • GRC: Vendor Security reviews
    • GRC: Vendor Risk Management
    • GRC: Client security reviews, Client Security Questionnaire, and Risk assessments.
    • GRC: Zyte Risk Management Program
  • Responsible Disclosure Program (VDP) | BugHunt Program
  • Security Operations and Monitoring (SOC).
  • Security Awareness Program
  • IT admin Operations - Escalation point for IT Support Team
  • Compliance OPS - Security review of Master agreements, DPA
  • Mobile Security
  • Engineer, implement, and monitor security measures for the protection of computer systems, networks, and information.
  • Identify the current state and define a plan to implement system security requirements based on our Security Core Principles.
  • Write comprehensive reports including assessment-based findings, outcomes, and propositions for further system security enhancement.

Requirements

Must:

  • 5+ years experience in a Cyber Security role.
  • In-depth knowledge of Security standards such as NIST CSF, ISO 27001, NIST 800-53, and SOC 2.
  • Solid experience in establishing Information Security Programs / Roadmap
  • Strong experience in establishing Information Security Management Systems (ISMS)
  • In-depth knowledge of GRC (Governance, Risk Management, and Compliance).
  • Experience conducting Web Application Security Testing / Penetration testing
  • Strong experience in Threat and Vulnerability Management
  • Solid experience in Application Security Testing
  • In-depth Experience in Security Operations
  • Strong oral and written communication skills in English
  • Highly organized, able to multitask, report to management and senior leadership teams, and work individually and within a team, managing in the short term and across teams.

Desirable:

  • Good experience operating security on cloud or on-premise environments such as GCP, AWS, Servers.com, and Hetzner.
  • Good experience driving remediation actions on Web Applications and infrastructures with Development and Engineering Teams.
  • Understanding of web API security best practices.
  • Good conceptual understanding of the Secure SDLC.
  • Experience in Vulnerability Disclosure Program (VDP) | BugHunt Program
  • Solid experience creating security documentation and technical process documentation, security policies & procedures.
  • Spanish will be a plus.
  • Flexibility around working hours - if there is an issue you should use your initiative and help resolve it as Lead for IT Security & Compliance.
  • Maintaining and respecting the confidentiality of large amounts of information you have access to.
  • Bonus:

    • Security Certifications (CISSP / CEH / CISA).
    • Experience with SAST / SCA tooling aligned with the OWASP Top 10 and CWE Top 25

Benefits

By joining the Zyte team, you will:

  • Become part of a self-motivated, progressive, multicultural team.
  • Have the freedom & flexibility to work remotely.
  • Get the chance to work with cutting-edge open-source technologies and tools.


Tags: APIs Application security Audits AWS CEH CISA CISSP Cloud Compliance DevOps Encryption GCP Governance IAM ISMS ISO 27001 Mobile security Monitoring NIST NIST 800-53 OWASP Pentesting Risk assessment Risk management SAST SDLC SOC SOC 2 Vulnerability management

Perks/benefits: Career development

Regions: Remote/Anywhere Europe
Country: Hungary