Information Security Specialist
Comparus UA is the development and innovation center of Comparus GmbH, a German IT company with 17+ years of expertise in digital transformation, business process optimization, and complex IT solutions for the financial sector. We provide end-to-end delivery: from business analysis and system design to cloud infrastructure support.
Our primary client is a leading IT provider for the German cooperative banking sector, serving 900+ banks and millions of end users. This means we operate in a highly regulated environment where security, compliance, and precision are non-negotiable.
About the Role
This is a founding role - you will be the first Information Security Specialist at Comparus UA, responsible for building and establishing the information security practice from the ground up.
You will own the day-to-day security operations, lead ISO 27001 compliance efforts, and work closely with both Ukrainian and German colleagues to ensure our Information Security Management System (ISMS) meets the highest standards. If you are someone who thrives on ownership, enjoys shaping processes rather than just following them, and wants to make a tangible impact - this role is for you.
What You'll Do
- Implement, maintain, and enforce information security policies and procedures across the organization
- Monitor security events and incidents; manage response and remediation processes
- Conduct regular risk assessments and internal security audits
- Manage cybersecurity tools and protection systems (firewalls, VPNs, access controls, etc.)
- Deliver information security awareness training for employees
- Ensure ongoing compliance with ISO 27001 and related standards
- Create, review, and maintain ISMS documentation in Confluence, preparing the organization for certification audits
- Collaborate with German colleagues on ISMS-related tasks: document preparation, reporting, and participation in cross-team meetings
- Work with internal stakeholders (DevOps, Engineering, HR, Management) to embed security practices across all teams
- Drive continuous improvement of security controls, processes, and tooling
What We're Looking For
Must-have:
- Solid understanding of information security fundamentals
- Knowledge of ISO 27001 and ISO 27002; hands-on experience participating in or supporting ISO/IEC 27001 certification audits
- Understanding of network security components: firewalls, switches, routers, VPNs
- English: Intermediate (B1–B2) - you will communicate regularly with the German team in writing and in meetings
Nice to have:
- Experience supporting or participating in corporate asset inventory checks
- Upper-Intermediate or Advanced English (B2+/C1)
- Familiarity with ISMS tooling and security monitoring platforms
What Success Looks Like in Your First 90 Days
Process & Standards
- Familiarized with all company information security policies, procedures, and compliance requirements
- Clear understanding of incident management, risk management, and access management workflows
Tools & Systems
- All necessary system accesses provisioned and configured
- Independently using core monitoring, analysis, and task management tools
- ISMS documentation audit completed; roadmap for next certification stage drafted
Stakeholder Relationships
- Working relationships established with key internal stakeholders: DevOps, Engineering, HR, and senior leadership
- Active participation in security-related meetings, including regular syncs with the German team
Security Improvement
- Initial assessment of current security processes and documentation gaps completed
- First proposals for process, control, or tooling improvements submitted
What We Offer
- Equipment: MacBook, dual 2K monitors, ergonomic workspace - or full remote setup if needed
- Work schedule: 8-hour workday, no overtime
- Vacation: 18–24 days of paid annual leave
- Sick leave: 10 days with a medical certificate / 5 days without
- Compensation: Full tax compensation
- Environment: Small, focused team - your work has direct visibility and real impact
- Tech stack: Cutting-edge tools and technologies
Hiring Process
- Online Call with Recruiter - role overview, your background, mutual fit check (up to 30 min)
- English Level Check - brief conversation to assess written and spoken English (up to 10 min)
- Technical Interview - deep dive into your experience, knowledge, and approach (up to 60 min)
*The order of stages may vary, but the goal is always to move forward - together.
Before applying, please review the requirements carefully. If your experience is a genuine match, you will receive feedback regardless of the outcome.