Overview:
SOFTSWISS continues to expand the team and is looking for a Security Analyst. We need a true, experienced, and accomplished professional who shares our culture and values.
Purpose of the role:
You’ll be the connective tissue between security strategy and execution across a multinational company operating in regulated markets across multiple jurisdictions. This isn’t a checkbox audit role — you’ll own the security assessment lifecycle for systems and processes, define security requirements and hold teams accountable to them, and coordinate work across specialized security teams to drive outcomes on cross-cutting initiatives. You’ll work closely with business and technical stakeholders who move fast, and your job is to make sure security moves with them rather than behind them.
Key responsibilities:
- Own the security assessment lifecycle for new and existing systems, tools, and integrations — from initial scoping and risk identification through requirements definition to remediation verification
- Create clear, actionable security requirements for systems and processes, and verify that implementations meet those requirements — closing the loop rather than just filing findings
- Decompose complex security initiatives into concrete workstreams and coordinate their execution across specialized security teams (e.g., infrastructure security, application security, SOC), driving alignment without direct authority
- Collaborate with business and technical owners to understand system purpose, data flows, and trust boundaries, translating what you find into risk language that stakeholders actually act on
- Review and challenge access models as part of system assessments, ensuring permissions reflect need-to-know principles and don’t silently expand over time
- Contribute to strategic security projects — data security, AI governance, and other emerging areas — as both an analytical resource and a coordinator
- Develop and maintain security policies and guidelines for software and technology usage across the organization
Required Experience:
- 3+ years of hands-on experience in cybersecurity, with meaningful exposure to security assessments, risk analysis, or GRC functions
- Demonstrated ability to assess systems and integrations end-to-end — not just identifying risks but defining what “fixed” looks like and verifying it got done
- Working knowledge of risk assessment methodologies, access control principles, and at least one major governance framework (ISO 27001, NIST CSF, or equivalent)
- Experience operating in or alongside regulated industries — financial services, fintech, or similar high-compliance environments strongly preferred
- Ability to coordinate across multiple teams and stakeholders without formal authority — you influence through clarity, preparation, and follow-through
- Strong written and verbal communication in English — you’ll be drafting requirements, writing assessments, and presenting findings to both technical teams and business leadership
Nice to have:
- Experience in multinational or multi-entity environments where regulatory landscapes vary across jurisdictions
- Familiarity with AI governance, including practical challenges around shadow AI, third-party AI services, and emerging regulatory requirements (EU AI Act, etc.)
- Background in data security strategy or classification — understanding how data flows across systems and where controls should sit
- Track record of taking ambiguous, high-level security objectives and breaking them into structured, executable plans
Main Advantages
- Private insurance (depending on contract type)
- Paid gym membership
- Comprehensive Mental Health Program
- Free English lessons (online)
- Local language courses
- Paid time off (PTO)
- Maternity leave support
- Referral program rewards
- Upskilling, internal workshops, and participation in professional conferences and corporate events
