Information Security GRC Analyst

About the Company & Product

We are a rapidly growing product company entering the global gaming entertainment market. Our mission is to bring innovative business solutions to the iGaming industry by building cutting-edge technology products. Our core product is a SaaS gaming platform with 200+ microservices that powers a seamless gaming experience for millions of users worldwide. The platform provides a full suite of iGaming solutions, including game management, payments, analytics, CRM, and more.

Meet Your Future Team

We have an open management culture where leaders share a clear product vision rather than simply assigning tasks. We believe people do their best work when they understand where the team is going and why their contribution matters. Initiative is always welcome, and everyone is encouraged to share ideas, suggest improvements, and influence how things are built.

Ready for a career upgrade?

As we continue to scale our platform, expand into new markets, and strengthen our security governance function, we are looking for an Information Security GRC Analyst with a strong technical mindset to join our team.

This is not a purely documentation-focused role. You will work closely with engineering, infrastructure, and business teams to understand how our platform operates in practice and help translate technical risks into effective governance and compliance processes.

As a company operating in the iGaming industry, many aspects of our business are subject to regulatory and licensing requirements across different jurisdictions. You will be directly involved in these processes — from preparing documentation and collecting audit evidence to analyzing regulatory requirements and participating in audits and certification activities.

You will report to the Security Lead and collaborate with engineering, DevOps, legal, and business teams to help build a mature, scalable, security-driven governance function.

What you’ll be doing

• Maintain and improve security and compliance frameworks ISO 27001, GDPR, and jurisdiction-specific licensing requirements;

• Own security policies, procedures, and documentation lifecycle: creation, versioning, and periodic reviews;

• Support internal and external audits: collect evidence, track findings, coordinate remediation;

• Conduct security risk assessments across systems, infrastructure, and cloud environments; maintain risk registers and control matrices;

• Run vendor security assessments and handle security questionnaires;

• Work with engineering and DevOps teams on vulnerability management tracking, prioritization, and remediation coordination;

• Collaborate with engineering to translate compliance requirements into real technical controls;

• Use AI tools to automate GRC workflows and actively look for ways to reduce manual work across the team;

• Support security awareness initiatives and incident response activities when needed.

You have these superpowers

• 2+ years in Information Security, GRC, or Compliance;

• Solid hands-on understanding of ISO 27001 and audit support;

• Good grasp of GDPR and security governance processes;

• Experience with risk registers, control matrices, policies, and compliance documentation;

• Experience running vendor risk assessments and handling security questionnaires;

• Good understanding of networking basics, OS-level security, IAM, and common attack vectors;

• Comfortable discussing cloud infrastructure and modern application environments with engineering teams;

• Familiarity with at least one security tooling area: SIEM, vulnerability scanners, or similar;

• Can read architecture diagrams and technical docs — not just compliance checklists;

• Actively uses AI tools (ChatGPT, Claude, Copilot, or similar) in daily work;

• Strong written communication, structured thinking, and ability to drive things forward independently.

Nice to have

• Experience in iGaming or familiarity with industry standards such as GLI-19 and GLI-33;

• Knowledge of AML / KYC requirements;

• Experience with SOC 2 or other compliance frameworks beyond ISO 27001;

• Familiarity with GCP, containerized environments, or Kubernetes from a security angle;

• Exposure to OSINT or threat intelligence practices;

• Familiarity with DevSecOps or security in CI/CD pipelines;

• Experience building simple AI-assisted automations (LLM APIs, no-code tools);

• Awareness of ISO/IEC 42001 and the EU AI Act.

It’s cool to work with us

• Flexible schedule: work from home, the office, or hybrid;

• Extra day off for your birthday: take a break any day within the month;

• Competitive compensation that matches your skills;

• Medical insurance (in Ukraine) and health support;

• 20 paid vacation days + 15 unpaid vacation days;

• 22 sick leave days, including mental health days;

• Gifts and support for life’s key moments (wedding, childbirth, kindergarten);

• Company-provided equipment based on your preferences.

We care about your comfort and help you maintain work-life balance!

What’s next?

• HR interview

• Final interview

• Background Check

• If it’s a match – Offer

Feel like this is the right fit? Send your resume—we’re waiting for you!