Information Security Lead Engineer in Secro Inc.

Who we areSecro is a fast-growing, early-stage SaaS startup on a journey to eradicate frauds and inefficiencies from global trade. Come join the company that is reinventing the way the maritime industry is performing business by providing state-of-the-art supply chain, LegalTech and fintech platform. Our vision is to enable frictionless global trade, while creating life-changing opportunities for entities that will accelerate their business. Secro team includes seasoned veterans from HSBC, IBM, AWS, Amazon, Polsteam, and MSC. We are expanding our team and hiring exceptional people, join us if you want to leave your mark in one of the oldest, yet most exciting industries on the planet.The roleWe're seeking a passionate Information Security & Governance Lead to forge the backbone of our security infrastructure. This is a pivotal, hands-on role where you'll shape our security strategy, ensure compliance with industry standards, take active participation in security certifications, and protect our valuable customer data. If you thrive on building security programs from the ground up and excel in a fast-paced startup environment, this is the perfect role for you.What You'll Do:Governance and Compliance: • Design and implement a robust security governance framework, encompassing processes like incident management, disaster recovery, vulnerability management, and end-user support.• Spearhead documentation for ISO 27001 compliance, driving the organization towards successful certification.• Mastermind the process for SOC 2 attestation, including preparation, implementation, and ongoing maintenance.• Train employees on cybersecuritySecurity Operations: • Facilitate security audits of our SaaS product to identify potential vulnerabilities.• Partner with external vendors to coordinate penetration tests and remediate findings.• Oversee and optimize our security incident response plan.• Champion security awareness training initiatives within the organization.Continuous Improvement • Proactively monitor evolving cybersecurity threats and best practices, adapting our security posture accordingly.• Collaborate with development and product teams to embed security-by-design principles throughout our product lifecycle.Skills & Experience We're Looking For:Must-Haves: • Minimum 5+ years of experience in information security, preferably within a SaaS environment.• Knowledge of ISO 27001 compliance standards and frameworks.• Hands-on experience with SOC 2 preparation and attestation.• Experience with designing and implementing security policies, procedures, and governance processes.• Demonstrated ability to conduct technical security assessments, including vulnerability scanning and risk analysis.• Knowledge of data protection operations and legislation (GDPR)Desirable: • Security certifications such as CISSP, CISM, CCSP, SSCP or similar.• Experience with cloud security and AWS, Azure, or other cloud providers.• Background in a development or engineering role is a strong asset.• Knowledge of scripting languages (Python, Bash, etc.) for automation tasks.The Ideal Candidate Is:• Detail-Oriented: You meticulously approach documentation and have exceptional organizational skills.• Self-Motivated: You work effectively with minimal supervision and drive projects to completion.• An Excellent Communicator: You can translate technical security concepts to stakeholders at all levels.• Adaptable: You embrace the dynamic nature of a startup and adjust your approach as needed.Benefits(Depending on Location)• Medical/Rx Insurance • Vision Insurance • Life & Accident Insurance• Dental Insurance • Short- and Long-Term Disability Insurance • 401(k) Retirement Savings Plan• Employee Stock Participation Plan Time Off• Flexible paid time off covering vacation and sick leave.Location Our tech team is based in Wroclaw, Poland. Our business team is based in the US. We might evaluate candidates from both countries and, for great talents, also other locations.***We are an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability status, protected veteran status, or any other characteristic protected by the law, status, or other protected characteristic.