Security Compliance Specialist
Description
• At SatoshiLabs s.r.o., the creators of Trezor, security is not merely a compliance requirement; it is the foundational principle that has driven our innovation and success since inception. We were pioneers in the hardware wallet space, introducing groundbreaking security features like Recovery Seeds, Passphrases, and Shamir Backup, which have become industry standards and are integral to our global reputation. As we continue to grow and navigate an increasingly complex regulatory landscape, including evolving mandates like NIS2 and CRA, we are seeking a dedicated Security Compliance Specialist to join our mission.
• This is a dynamic, cross-functional role offering a unique opportunity to significantly impact our security and compliance posture. You will collaborate closely with various teams across the organization, playing a pivotal role in shaping and scaling our cybersecurity and compliance frameworks. Unlike larger, more bureaucratic organizations, you will experience a practical, meaningful approach to compliance, directly tied to real-world security challenges and solutions.
• Your responsibilities will span multiple critical areas, ensuring a comprehensive approach to security and compliance. You will be instrumental in strengthening our defenses and ensuring adherence to both internal policies and external regulations.
• **Supply Chain Security:** You will conduct thorough assessments of our IT systems' supply chain, with a keen focus on identifying and mitigating cybersecurity risks. This includes developing, implementing, and enforcing robust security standards and protocols for our suppliers and partners. A key part of this will be the ongoing monitoring and evaluation of their cybersecurity practices to ensure they align with our stringent requirements.
• **Access Management:** Primarily focusing on our cloud-based SaaS applications, you will support the design and implementation of effective access control policies and procedures. This ensures that employees have precisely the access they need to perform their roles, adhering strictly to the principle of least privilege. Your involvement will extend to user account management, including the setup, modification, and timely revocation of access, as well as participating in regular access reviews to maintain compliance.
• **Testing & Auditing:** You will play a central role in coordinating and executing regular security and compliance audits. This involves analyzing the results of these audits and tests to pinpoint vulnerabilities and non-compliance issues. Crucially, you will recommend corrective actions and diligently follow up to ensure that identified weaknesses are effectively addressed and remediated.
• **Risk Management Support:** You will assist in the comprehensive identification and evaluation of risks pertaining to our data and information systems. Your contributions will be vital in developing strategies and establishing rules to mitigate these identified risks. You will collaborate with various departments to ensure that risk management measures are seamlessly integrated throughout the company's operations.
• **Data Protection & Privacy:** You will conduct regular reviews of our data processing activities, ensuring they meet regulatory requirements. You will support the implementation of data protection policies, with a particular emphasis on ensuring compliance with GDPR and other relevant privacy regulations.
• **Asset Management:** You will contribute to maintaining an accurate inventory of all IT assets, ensuring they are correctly classified and managed according to their specific security requirements. This includes participating in the development and enforcement of policies governing the entire lifecycle of these assets, from procurement and usage to secure disposal.
• **People Management Integration:** You will collaborate with the HR department to ensure that roles and responsibilities are clearly defined and integrated into our access management processes. Furthermore, you will support initiatives aimed at embedding cybersecurity awareness and best practices into the organizational culture.
• **Classification of Information:** You will assist in the implementation of a data classification framework, enabling us to categorize data based on its sensitivity. This will involve supporting the implementation of appropriate controls and handling procedures for each data category, and collaborating with relevant departments to ensure consistent application of the classification scheme across the entire organization.
• This role is ideal for an individual who thrives in a proactive, security-focused environment and is eager to contribute to a company at the forefront of digital asset security.