Security & Compliance Senior Analyst


Salary: Competitive

Location: Oeiras, Portugal

Posted: 05 Feb 2018

Main Purpose of the Role

The role is responsible for defining, implementing and communicating Information Security & Compliance best practices and requirements across all countries within which Truphone has a presence.


Key Responsibilities


The Security & Compliance Senior Analyst will be responsible for:

1.        Development and maintenance of global policies and standards which support Truphone development and operational activities, including the assurance and governance of policies and standards in support of ISO27001.

2.        Ensuring that all policies and procedures are well documented and implemented, performing periodic internal reviews and identifying compliance problems that call for formal attention.

3.        Development of risk management strategies to detect non-compliance with security policies, and track and manage exceptions to security policy.

4.        Continual improvement of the Information Security Management System to assure compliance with ISO27001 certification.

5.        Pro-active identification of weak security controls by way of conducting security reviews, and provision of recommendations for improvement to the relevant teams.

6.        Maintenance and improvement of the security awareness campaign across Truphone.

7.        Support for security incident response activities.

8.        Support for the formalisation of regular vulnerability assessments and risk-driven patch management.

9.        Assistance with third-party security questionnaires/assessments from Truphone's major clients.

10.      Support for security initiatives in line with the security roadmap.


Skills and Experience Required


Required skills

1.        Experience writing information security policies and technical documents.

2.        Experience with audit methodologies and the capability to produce audit reports matching non-conformities to controls.

3.        Solid knowledge of ISO27001 and hands-on experience in an ISMS.

4.        Experience of compliance with the Data Privacy Initiatives (namely GDPR).

5.        A good all-round knowledge of IT systems, platforms, networking and security technologies.

6.        Experience of working in a customer facing environment to ensure customer security requirements are met.

7.        Ability to work proactively with business stakeholders to implement corrective actions to security gaps.

8.        Knowledge of application security best practices (e.g. BSIMM/SAMM) and other relevant cybersecurity frameworks (e.g. NIST CSF).



1.        2 to 4 years as an information security professional with a solid technical background.

2.        Computer Science or Telecommunications engineering degree or equivalent experience.

3.        Experience/knowledge with a broad suite of Information Security Technologies.


Personal qualities

1.        Team player, able to work in a multi-cultural environment.

2.        Detail conscious, highly organised and methodical with a strong work ethic.

3.        Comfortable in a fast-paced, intense and demanding environment.

4.        Innovative and inspiring.

5.        Awesome to be around.

6.        Motivated and willing to set Truphone cybersecurity standards to a stratospheric level.


Apply now

No agencies. We do not accept CVs from 3rd parties
