Security Lead

Would you be open to leading the Platform & Cloud Security direction in a top-tier iGaming product? We’re looking for a Security Lead to work on a high-load system. You’ll collaborate closely with the CTO, have full ownership of decisions, remote, and top-of-the-market terms.

This role combines technical expertise, investigative focus, and process leadership – ensuring that our systems, data, and people remain secure, compliant, and resilient.

Main Responsibilities

Information Security & Compliance

– Maintain and continuously improve the ISO/IEC 27001:2022 Information Security Management System (ISMS)

– Foster a strong Security-First mindset across the organization

– Work closely with the CTO, Head of IT, and DevOps to enhance internal security controls

– Conduct internal audits, risk assessments, and coordinate certification renewals

– Update security policies and controls in line with ISO 27001, GDPR, and relevant international frameworks (e.g., NIST CSF and NIS2 principles where applicable)
– Manage integrations and alerting within Datadog SIEM, CrowdStrike, Cloudflare, and Google Workspace

– Support DLP implementation and maintain central tracking of security events

– Document risks, incidents, and corrective actions to ensure continuous compliance

Incident Response & Investigation

– Lead investigations into security incidents such as phishing, data leakage, or unauthorized access

– Collect and analyze digital evidence across systems (CrowdStrike, Cloudflare, Google, Slack)

– Maintain and enhance incident response playbooks and escalation workflows

– Collaborate with HR, Legal, and IT teams during internal investigations

– Produce post-incident reports and recommend remediation measures

Endpoint & Access Security

– Manage MDM systems (Zoho MDM, Endpoint Central) and ensure full compliance for macOS endpoints

– Maintain CrowdStrike Falcon configurations and endpoint posture enforcement

– Oversee SSO, MFA, and 2FA enforcement across services (Google SSO, DUO Mobile, 1Password)

– Implement Just-in-Time (JIT) privilege elevation and regular admin access reviews

– Perform Quarterly RAS Access Management Reviews

– Maintain a consistent audit trail for access management throughout the year

Mandatory Requirements

– 3+ years of experience in information security, IT audit, or digital investigations

– Solid understanding of ISO 27001, GDPR, and modern security frameworks (NIST CSF / NIS2)

– Hands-on experience with SIEM / EDR systems

– Proven ability to manage SSO, MFA, DLP, and MDM environments

– Strong communication skills in English (B2 or higher)

– Analytical mindset, integrity, and attention to detail

Nice to Have

– Certifications: CISSP, CISM, CEH, ISO 27001 Lead Auditor, AWS Security Specialty

– Experience with Zero Trust, PAM, DLP/CASB, or SOAR platforms

– Forensics experience

– Experience in designing awareness programs or running phishing simulations

We offer

Competitive Salary: We offer a competitive salary in EUR, subject to annual performance reviews

Quarterly Bonuses: Benefit from a transparent and systematic quarterly bonus system

Flexible Schedule: We offer a flexible work schedule to accommodate your needs

Remote Work Option: Choose to work remotely, providing greater flexibility and comfort

Medical Insurance: Receive comprehensive medical insurance for both you and a significant other

Financial Support for Life Events: We provide financial support during special life events

Unlimited Paid Vacation: Enjoy unlimited paid vacation leave

Unlimited Paid Sick Leave: Take unlimited paid sick leave whenever necessary

Professional Development: Get reimbursement for professional development courses and training

Recruitment Process

– HR interview

– Technical interview

– Final interview