Didomi
Information Security Analyst
Job description
ISO 27001 program and audit readiness
- Help maintain and improve our ISO 27001 management system, ensuring controls remain effective, documented, and continuously evidenced.
- Contribute to internal audits, surveillance audits, and recertification cycles, including the upcoming unified audit covering Didomi and recently acquired business units.
- Track corrective actions, nonconformities, and continuous improvement initiatives, supporting the security team in driving them to closure.
Security operations and recurring activities
- Carry out recurring activities on the security calendar in support of the security team, including vulnerability scanning campaigns, quarterly access reviews, risk assessments, business continuity tests, and policy review cycles.
- Triage vulnerability findings from AWS GuardDuty, Inspector, and other sources, then work with the Security Manager to define remediation priorities and follow them through to closure.
- Run periodic access reviews across critical systems (Google Workspace, AWS, Slack, JAMF, GitLab, GitHub, and internal applications), surfacing findings to the Security Manager and helping ensure they are remediated.
Cross-functional security support
- Contribute to the security team's reviews of new tools, vendors, and SaaS applications for security and compliance risks before adoption.
- Help the security team assess and harden internal workflows, with a particular focus on identity, access management, MFA, SSO, and data handling.
- Support the security team on security questionnaires, RFPs, and customer due diligence requests.
- Support the security team on broader initiatives such as AI governance, SaaS governance, and integration of acquired entities into the ISO scope.
Preferred skills & experience
- 3+ years of experience in a GRC, compliance, or information security analyst role, ideally within a SaaS or technology company.
- Solid working knowledge of ISO 27001, including Annex A controls, the audit process, and how to operationalize the standard rather than treat it as paperwork.
- Hands-on experience with vulnerability management tools and access governance processes.
- Hands-on experience with Vanta, including running ISO 27001 (or comparable) audits end-to-end on the platform.
- Hands-on experience with the AWS security suite, in particular GuardDuty and Inspector, including triaging findings and proposing remediation priorities.
- Demonstrated use of AI tooling to accelerate recurring compliance and documentation work. You should be able to walk us through concrete examples of what you have built or automated.
- A strong bias toward removing process. You actively challenge controls, paperwork, and workflows that no longer earn their keep, and you propose lighter alternatives.
- Strong written communication in English. You can explain security topics clearly to engineers, executives, and customers alike.
- A pragmatic mindset: you favor controls that work in practice over controls that only look good on paper.
Nice to have
- Experience supporting HIPAA or HITRUST programs, and comfort mapping requirements across frameworks.
- Familiarity with cloud environments (AWS in particular) and with common SaaS administration (Google Workspace, Slack, identity providers).
- Exposure to security questionnaire platforms and trust center tooling.
Tools you’ll work with on a regular basis
- Compliance and GRC: Vanta
- Cloud and security monitoring: AWS, AWS GuardDuty, AWS Inspector, AWS Security Hub
- Identity and access: Google Workspace, SSO and MFA providers
- Endpoint and device management: JAMF
- Code and engineering: GitLab, GitHub
- Collaboration and documentation: Slack, Notion, Google Workspace
- SaaS governance and vendor review: internal review workflows and questionnaire tooling


