Job Drop Berlin: Your Way Into Berlin Tech

Information Security Analyst

PPRO

Seniority: Midweight
Model: In-Office
Sector: Fintech
Salary: Undisclosed
Contract: Full-Time

About the role

We're looking for an Information Security Analyst to help us evolve what great Governance, Risk, and Compliance (GRC) looks like in a modern, API-first global payments company. You'll be helping us build a living, breathing system of trust based on streamlined automation and continuous compliance.

What you'll do

  • Evolve the Information Security Management System (ISMS): support and continuously improve PPRO's Information Security Management System, aligned to ISO/IEC 27001:2022. You'll independently manage our ISMS to ensure it stays relevant, practical and scales with our growth.
  • Audit & assurance innovation: play a key role in the ISO certification lifecycle, proactively finding ways to integrate continuous control monitoring and automated assurance, leveraging tools like Vanta.
  • Embed native security: collaborate cross-functionally with Engineering and Product teams, working to embed controls seamlessly into daily workflows.
  • Proactive risk management: actively identify risks, maintain the risk register and drive meaningful risk treatment. You'll connect your day-to-day work with PPRO's overall strategy, focusing on the effectiveness of controls rather than checkbox compliance.
  • Customer-centric due diligence: support vendor security reviews and customer due diligence, continually considering the customer's perspective in your decision-making, helping to build trust both internally and externally.
  • Modernise security awareness: design and deliver engaging, data-informed security education and awareness campaigns that change behaviour and cultivate a proactive, security-first culture across PPRO.
  • Champion continuous improvement: continuously challenge the status quo, suggesting innovative ideas for automation and experimenting with new technologies (including AI) to enhance risk insight and evidence collection.

What you'll need

  • Core experience: solid, hands-on experience supporting or running an ISMS aligned to ISO/IEC 27001:2022, along with practical exposure to audits, risk management and control testing.
  • Engineering mindset: you look at manual, repetitive compliance tasks and immediately think about how to automate or streamline them. Familiarity with automation platforms, scripting, or tools like Vanta is a massive plus.
  • Exceptional ownership: you approach your work with a commitment to excellence. You manage your time effectively, anticipate issues before they arise and decide independently how to approach task-related challenges.
  • Nuanced communication: you're comfortable adapting your communication style to engage different stakeholders, translating complex security concepts into actionable, pragmatic insights for developers and business leaders alike.
  • Curiosity and adaptability: you're enthusiastic about acquiring new skills and happy to step out of your comfort zone and adjust ways of working to accommodate team needs in a dynamic environment.
  • Business acumen: you understand the fintech/payments market and competitors, meaning you balance security risks with business reality and speed.