JOB LEVEL: 

Intermediate

EMPLOYMENT TYPE:

Full Time, Hybrid, Standard working time

ABOUT US:

Zetta Hosting Solutions Ltd. is part of Zetta Group, a group of technology companies with over 25 years of history and a proven track record of creating high-tech platforms for managing online payments, massive networks of users, data and internet traffic. It is a leader in providing services in the field of Software development, Technical Compliance and Managed IT services for regulated institutions, auditing and certification according to PCI DSS and ISO27001 and ISO/IEC20000-1 standards. It also offers Cloud and hosting solutions for corporate customers as well as Managed DevOps services for customers in Europe and North America. The company has over 200 experts and its office locations in: Sofia – Bulgaria, Kiel – Germany, London – United Kingdom, Barcelona – Spain, Vilnius – Lithuania, Warsaw – Poland, Bratislava – Slovakia and Tirana – Albania.

ROLE OVERVIEW:

The Technical Analyst – GRC will collaborate with process owners, internal auditors, external auditors, and other stakeholders in order to assist in reviewing, monitoring, and resolving findings. This includes helping the team manage PCI DSS, ISO27001, ISO20000-1 and SOC2 Compliance programs. By supporting the implementation of internal and external assessments, responding to and managing the full lifecycle of compliance audits, and ensuring compliance with existing and emerging regulations and standards including SOC2, ISO 27001, PCI, SOX, and other GRC activities, the Principal GRC Analyst will also contribute to the transformation of the company’s IT compliance program.

KEY RESPONSIBILITIES:

• Manage risk and vulnerability assessments, validation testing, compliance reviews, and audits in accordance with NIST standards.
• Manage and support PCIDSS ISO200001 SOC 2 and ISO 27001 audits.
• Promote widespread implementation of ISO 27001 and ISO200001 standards.
• Maintain and monitor a central repository for audit evidence.
• Inform the proper stakeholders of important concerns and hazards.
• Work together with other stakeholders to link our corporate IT procurement and privacy departments with GRC objectives.
• Maintain uptodate knowledge of procedures and methods that serve to broaden team knowledge and industry expertise.
• Manage security standards policies and practices on an annual basis to make sure they meet corporate demands.
• Assist the department in responding to inquiries from the business units about ongoing operational compliance.
• Be proactive in seeking out areas for improvement and offer insightful advice and value added guidance on process and control enhancements.
• Share information with managers to avoid surprises draw attention to problems and guarantee delivery on time.

JOB REQUIREMENTS:

• 3+ years of direct experience in information security, with a main emphasis on risk and compliance.
• Expertise conducting ISO 27001, ISO20000-1, PCI DSS and SOC 2 audits, as well as handling audit responses will be considered an advantage.
• Thorough understanding of market structures, including relevant regulatory compliance requirements (ISO27001, SOC 2 , SO20000-1, PCI DSS, NIST, FedRamp, CMMC, GDPR, etc.).
• Knowledge of identity management standards, storage, and disaster recovery in the cloud.
• Knowledge of GRC tool techniques and best practices (OneTrust or others).
• Proven track record of organizing and carrying out several risk and compliance projects.
• Ability to successfully manage third-party audits, compile evidence, and organize audit responses.
• Keen attention to detail.
• Effective written and verbal communication skills and the capability to communicate with cross-functional teams.
• Proven analytical and problem-solving abilities for managing initiatives that advance corporate goals.

WHAT WE OFFER:

• Competitive remuneration.
• Additional extended health and dental insurance.
• Preferential fitness price.
• Friendly work environment.
• Flexible working hours.
• Option to work from home.
• Free snacks and beverages in the office.
• Company events – teambuilding, parties.