Information Security Manager
BrainRocket is a global technology company that creates end‑to‑end tech products for clients across Fintech, iGaming, and Marketing.
- Lisbon, Portugal
- Sofia, Bulgaria
- Warsaw, Poland
Lead internal security audits, risk assessments, and controls across engineering, product, and infrastructure.
Responsibilities
- Conduct internal security audits of systems, business processes, and new integrations.
- Review and challenge technical and organizational controls; identify weaknesses and improvement areas.
- Participate in security architecture discussions and proactively recommend control mechanisms.
- Define security requirements for internal systems, tools, and business processes.
- Work closely with engineering, infrastructure, and product teams to integrate controls into workflows and architectures.
- Validate that implemented controls meet design and compliance objectives.
- Perform risk assessments for internal tools and third‑party services (pre‑ and post‑integration).
- Maintain the Risk Register and collaborate with asset owners on risk mitigation plans aligned with ISO 27001/27701 and other frameworks.
- Support audit readiness and evidence collection for ISO 27001, PCI DSS, and other certifications.
- Analyze data flows and define appropriate protection strategies (encryption, masking, access management).
- Ensure logging, alerting, and monitoring controls are in place and passed to the SOC.
- Conduct periodic access reviews and role validations.
- Contribute to security awareness initiatives and training content.
- Collaborate with business and IT teams to optimize secure‑by‑design practices across departments.
- 3+ years of experience in information security, internal audit, GRC, or similar roles.
- Hands‑on experience conducting internal audits, risk assessments, and designing/implementing security controls.
- Strong knowledge of ISO 27001/27701, PCI DSS, GDPR, and relevant security frameworks.
- Experience maintaining a Risk Register and working with asset owners on mitigation planning.
- Ability to define and validate security requirements for internal systems and processes.
- Understanding of data protection principles including encryption, masking, and access control.
- Solid understanding of modern access management approaches such as RBAC, JIT, and Zero Trust.
- Strong analytical and documentation skills; ability to structure findings and communicate clearly across teams.
- Self‑driven and structured approach to auditing, with the ability to work across technical and business functions.
- Nice to have: Relevant certifications such as ISO 27001 Lead Auditor, CISA, CRISC, CISSP, or CompTIA Security+.
- Nice to have: Experience collaborating with a SOC team or working with log and alert management systems.
- Learning and development opportunities and challenging tasks.
- Opportunity to develop language skills with partial compensation for the cost of English/Spanish/Serbian/Polish/Portuguese (for localisation purposes).
- 20 working days of annual vacation and additional paid sick days.
- Competitive remuneration level with annual review.
- Time for proper rest.
Bold moves start here. Make yours. Apply today!
Detailed information about the job offer
Company: BrainRocket
Location: Lisbon, Lisboa, Portugal
Published: 13.12.2025