Tadaweb is a pioneering technology company with roots in Luxembourg and a growing global presence, with offices in the United Kingdom, France, and the United States. For over 13 years, we’ve been on a mission to make the world a safer place by empowering analysts with the tools they need to access the right information at the right time. Our cutting-edge SaaS platform revolutionizes PAI and OSINT investigations, making them faster, smarter, and more effective, all while adhering to the highest ethical standards by relying solely on publicly available information and supporting our clients’ policies. Renowned for our “nothing is impossible” ethos, we prioritize trust, transparency, and innovation in everything we do.
We are seeking a highly motivated and experienced Information Security Officer (ISO) to serve as the primary security leader within our dynamic Global Team. In this critical and highly visible role, you will be instrumental in elevating our cybersecurity posture, driving strategic security initiatives, and fostering a culture of security-by-design across the entire organization. You will be the central figure in strengthening our cyber-resilience against an evolving global threat landscape.
Key Responsibilities:
- Own certification and attestation programs. Scope, run gap assessments, drive remediation, collect evidence, and schedule audits for CMMC Level 2 with a C3PAO, SOC 2 Type II with a CPA firm, and ISO/IEC 27001:2022 with an accredited body.
- Sustain continuous compliance. Define control owners, automate evidence capture, monitor KPIs, and run change control, so posture stays intact as features and architecture evolve.
- Run governance and the ISMS. Maintain the SSP, POA&M, SoA, risk register, and the policy and procedure library. Lead internal audits, management reviews, and corrective actions.
- Embed security in the SDLC. Integrate threat modeling, secure coding standards, SAST, DAST, SCA and SBOM, infrastructure as code guardrails, and release gates tied to framework controls, including ISO 27001 Annex A 8.25 for secure development.
- Operate core controls. Drive vulnerability and patch management, hardened baselines, centralized logging and SIEM, incident response runbooks, and recovery testing.
- Protect data and access. Enforce data classification and handling for CUI where applicable, encryption and KMS with key rotation, least privilege and MFA, and secure remote access aligned to framework expectations.
- Manage third party risk. Run vendor due diligence, contract security clauses, and continuous monitoring. Handle CMMC flow downs and SOC 2 subservice oversight.
- Enable the business. Deliver role-based training for engineering, product, and operations. Coach teams on security by design and communicate risk, audit status, and roadmaps to leadership.
Your Profile:
- Master’s degree in Computer Science, Information Security, or a closely related technical field.
- 3–5 years of dedicated, hands-on experience in a similar Information Security, IT Security, or Security Analyst role.
- Strong, demonstrable understanding of Governance, Risk, and Compliance (GRC) frameworks (e.g., ISO 27001, NIST CSF, SOC 2, CIS Controls, GDPR, CCPA).
- Proven, hands-on experience with modern endpoint and server vulnerability management, patch management, and configuration hardening.
- Working knowledge and practical experience configuring or managing a range of network security technologies (e.g., Next-Gen Firewalls, Proxies, Intrusion Prevention Systems (IPS), Network Access Control (NAC)).
- Familiarity with modern infrastructure monitoring, SIEM, and logging practices for proactive threat detection.
You get bonus points if you have any of the following:
- A "Hacker Mindset": A genuine curiosity and ability to think like an adversary; rapidly learning, dissecting systems, identifying zero-day potential, and creating innovative solutions to enhance security defenses.
- Direct experience securing production environments and managing security services within major cloud platforms (Azure, AWS, or GCP).
- Possession of industry-recognized certifications such as CISSP, CISM, CRISC, CEH, or equivalent.
What we offer:
- The opportunity to join a growing tech company, with strong product-market fit and an ambitious roadmap
- The chance to join a human-focused company that genuinely cares about its employees and core values, with international exposure through our global team across Luxembourg, Paris, London, and the USA.
- A focus on performance of the team, not hours at the desk.
- A social calendar including family parties, games nights, annual offsites, end-of-year events and more, with an inclusive approach for both younger professionals and parents.
Tadaweb is an equal opportunity employer, and we strive to have a team with diverse perspectives, experiences, and backgrounds.

