Senior GRC Information Security Analyst

About Us

Duco is on a mission to reduce the time spent on data-related work by 90%. Our enterprise data automation platform empowers teams to work more efficiently and meaningfully by giving them the ability to automate data controls with the latest technology, such as no-code, the cloud, and AI.

We help firms to start trusting their data, by giving them one intuitive platform to automate the front-to-back processing of all kinds of data (from structured Excels and RTFs to unstructured PDFs and emails). This eliminates the boring manual work across the data lifecycle and enables firms to act faster, work smarter, save money, reduce risk and comply with regulatory requirements.

We're headquartered in London and have offices in New York, Boston, Wroclaw, Singapore, and Antwerp. We're proud to call some of the largest global financial institutions our clients, including over 15 of the world's largest international banks, as well as brokers, exchanges, asset managers, hedge funds, administrators, service providers and corporates.

The Role

We are looking for an experienced Information Security Analyst in the GRC (Governance, Risk, and Compliance) space to support both our internal departments and external stakeholders to ensure maintaining the trust and integrity of the organisation's digital infrastructure and staying compliant with all relevant regulations. Working closely with the Head of Information Security, you will be integral in shaping the future of InfoSec within Duco. This role will be primarily based in our Wroclaw office, with ability to work remotely at times.

Primary Responsibilities:

• Lead the development and maintenance of the Information Security policy framework in-line with risk appetite, legislation and industry best practices
• Lead the enterprise risk management framework across the business
• Lead 3rd party due diligence activities
• Lead the response to client Information Security enquiries and questionnaires
• Curate and maintain Duco's Information Security knowledge base in support of Duco Customer Success and Pre-Sales teams
• Provide initial point of contact and triage for Information Security requests from across the business
• Collaborate and provide input on Regulatory compliance, including DORA, Cyber Resiliency and AI regulation
• Collaborate with engineering teams to build out a security knowledge base
• Develop and maintain security KRIs and KPIs
• Provide Information Security advice and guidance
• Maintain an awareness of the existing and emerging threat landscape
• Work closely with colleagues across the business to promote a strong Information Security culture and ensure compliance with Information Security policies and procedures
• Support maintenance and compliance of our ISO27001 and SOC1/2 accreditation.
  
  

We are looking for someone with:

• 6 years of previous experience in Information Security in a role with similar responsibilities
• Previous experience with enterprise risk management.
• Previous experience with managing 3rd party due diligence and risk
• Previous experience conducting Information Security assessments
• Previous experience maintaining an established Information Security Management System (ISMS)
• Previous experience with Information Security incident management.
• Previous experience maintaining accreditations such as ISO27001, SOC1 and SOC2
• Extensive knowledge of cloud computing environments, container-based technologies, and associated security controls and standards
• Knowledge of Google Workspace, JIRA, and Confluence
• Ability to work in a fast-paced and collaborative environment where you may be responsible for developing novel solutions
• Proficiency in delivery, stakeholder management, reporting, and risk and issue management
  
  

Benefits:

• A starting annual salary in the range of PLN 226 000 - 250 000 gross annually, aligned to your skills and experience. Reviewed annually
• Success Share or Commission bonus payments
• Private Medical Insurance - Inter Polska
• Life Insurance
• Multisport Program
• Unlimited annual holiday, because we trust our people to manage their own time off
• Enhanced family leave
• Employee Assistance Programme
• 4 Volunteering days off
• Flexible working policy (2 days per week in office)
• Home working allowance
• Opportunity to work abroad for up to 6 weeks per year
• Personal learning and development opportunities (annual dedicated budget)
• Referral bonus if we hire someone great who you've recommended to us
• Spot Rewards
• Employee of the Month and Employee of the Year awards
• Pressure-off Fridays (no meetings)
• Wellbee
  
  

Want to do a little more research before you apply?

Head over to our Glassdoor page to learn about our benefits, culture and to find out what our team thinks about life at Duco. You can also find out more about us on LinkedIn

Disclaimer

Because we are committed to inclusivity, we strive to provide equitable opportunities for everyone. If you require accommodation during the recruitment process, please let us know at [email protected]. Include your contact information, the role you're applying for, and how we can accommodate you.

During the interview process and after hire, Duco does not discriminate on the basis of race, colour, gender or gender expression, sexual orientation, marital or pregnancy status, national origin, age, disability, religion or creed, socioeconomic background or status, size, or any other protected characteristic.