ELCA Group

(Senior) Information Security Analyst

ELCA Group  •  Republic of Mauritius (Onsite)  •  2 months ago

Job Description

We are seeking two (Senior) Information Security Analysts to support our GRC function for both ELCA Group and external clients. The role includes work across multiple frameworks such as ISO 27001, 27017/18, ISO 22301, ISO 27701, NIST, DORA, PCI-DSS, and involves governance, policy development, audit activities, compliance monitoring, reporting, risk management, vendor assessments, and security awareness programs.

Key Responsibilities

1. Governance, Risk & Compliance

  • Execute risk management activities, including risk identification, assessments, reporting, and tracking of action plans.
  • Support the transition to, implementation of, and continuous improvement of ISO 27x and other security standards or frameworks.
  • Support ongoing audit programs (internal, external, customer).

2. Policies & Documentation Management

  • Draft, review, and publish security policies, standards, procedures, and guidelines.
  • Maintain documentation repositories and ensure version control and governance workflows.

3. Compliance Monitoring & KPI Reporting

  • Collect, aggregate, and analyze KPIs/KRIs for security and compliance.
  • Generate dashboards and reports for leadership and clients.
  • Execute periodic security controls compliance checks.

4. Vendor Risk Management & Customer Questionnaires

  • Conduct Vendor Risk Assessments, follow up on remediation plans and document outcomes.
  • Support completion of customer security questionnaires, due diligence documents, and evidence compilation.

5. Audit & Assessment Activities

  • Plan, coordinate, and support external & internal security and compliance audits.
  • Prepare audit scopes, checklists, and assessment criteria aligned with relevant standards.
  • Assist in external audit readiness, evidence collection, and pre-audit reviews.
  • Follow up on findings, observations, and corrective action plans.
  • Ensure actions are tracked and closed within agreed SLAs.

Required Skills & Qualifications

  • Degree in Cybersecurity, Computer Science, Information Systems, or related discipline.
  • 3-5 years of experience in GRC, compliance, audit, or risk (senior level may require a minimum of 5+ years).
  • Broad understanding of ISO 27x series, ISO 22301, NIST, PCI-DSS, DORA, GDPR/Privacy frameworks.
  • Experience supporting or performing audits (internal or external).
  • Certifications preferred: PECB ISO 27001 LI/LA, ISO 22301 LI, CISA, CIPP/E, CIPM.
  • Basic project management knowledge and strong organizational skills.
  • Excellent interpersonal, communication, and negotiation skills for effective collaboration and follow-ups.
  • Fluent in English and French (written and spoken).

About ELCA Group

With more than 2,300 experts, the ELCA Group is a leading independent Swiss IT service and solution provider, specialized in IT consulting, Cybersecurity, Cloud, Data & AI, Digital experience, Software development, Business applications and systems' integration across all industries. ELCA helps its clients to better compete in the digital era and gain in agility. The privately held company has offices in Pully (HQ), Zurich, Geneva, Bern, Basel, Rapperswil and Fehraltorf, as well as offshore centers in Italy, Spain, Mauritius and Vietnam.

Industry: IT & Software
Company Size: 1,001-5,000 employees
Headquarters: Pully, CH
Year Founded: 1968
Website: elca.ch