Join BrainRocket as an Information Security Manager to lead security audits, risk assessments, and control design. Conduct internal security audits, define security requirements, and maintain the Risk Register. Collaborate with engineering, infrastructure, and product teams to integrate controls into workflows and architectures.
Job Description
BrainRocket is a global company creating end-to-end tech products for clients across Fintech, iGaming, and Marketing. Young, ambitious, and unstoppable, we've already taken Cyprus, Malta, Portugal, Poland, and Serbia by storm. Our BRO team consists of 1,300 bright minds creating innovative ideas and products. We don't follow formats. We shape them. We build what works, launch it fast, and make sure it hits.
Important: On-Site Role
This is an on-site position based at one of our offices:
- Belgrade (Serbia),
- Lisbon (Portugal),
- Sofia (Bulgaria),
- Valencia (Spain),
- Warsaw (Poland),
- Yerevan (Armenia).
Remote or hybrid arrangements are not available. Candidates must already be in the location or be willing to relocate. Relocation support will be provided if needed.
We are seeking an Information Security Manager to join our team.
Responsibilities
Security Audits & Governance
- Conduct internal security audits of systems, business processes, and new integrations.
- Review and challenge technical and organisational controls; identify weaknesses and improvement areas.
- Participate in security architecture discussions and proactively recommend control mechanisms.
Security Requirements & Control Design
- Define security requirements for internal systems, tools, and business processes.
- Work closely with engineering, infrastructure, and product teams to integrate controls into workflows and architectures.
- Validate that implemented controls meet design and compliance objectives.
Risk & Compliance Oversight
- Perform risk assessments for internal tools and third-party services (pre- and post-integration).
- Maintain the Risk Register and work with asset owners on risk mitigation plans aligned with ISO 27001/27701 and other frameworks.
- Support audit readiness and evidence collection for ISO 27001, PCI DSS, and other certifications.
Data Protection & Access Control
- Analyse data flows and define appropriate protection strategies (e.g., encryption, masking, access management).
- Ensure logging, alerting, and monitoring controls are in place and passed to the SOC.
- Conduct periodic access reviews and role validations.
Security Awareness & Process Improvement
- Contribute to security awareness initiatives and training content.
- Collaborate with business and IT teams to optimize secure-by-design practices across departments.
Requirements
- 3+ years of experience in information security, internal audit, GRC, or similar roles.
- Hands-on experience conducting internal audits, risk assessments, and designing/implementing security controls.
- Strong knowledge of ISO 27001/27701, PCI DSS, GDPR, and relevant security frameworks.
- Experience maintaining a Risk Register and working with asset owners on mitigation planning.
- Ability to define and validate security requirements for internal systems and processes.
- Understanding of data protection principles including encryption, masking, and access control.
- Solid understanding of modern access management approaches such as RBAC, Just-in-Time (JIT) access, and Zero Trust.
- Strong analytical and documentation skills; ability to structure findings and communicate clearly across teams.
- Self-driven and structured approach to auditing, with the ability to work across technical and business functions.
Nice To Have
- Experience supporting external certification audits (ISO 27001, PCI DSS, etc.).
- Relevant certifications such as ISO 27001 Lead Auditor, CISA, CRISC, CISSP, or CompTIA Security+.
- Experience collaborating with a SOC team or working with log and alert management systems.
We offer excellent benefits, including but not limited to:
- Learning and development opportunities and interesting, challenging tasks.
- Opportunity to develop language skills, with partial compensation for the cost of English classes (for localisation purposes).
- Global coverage health insurance.
- Time for proper rest, with 20 working days of annual vacation and additional paid sick days.
- Competitive remuneration level with annual review.
- Team-building activities.
Bold moves start here. Make yours. Apply today!
By submitting your application, you agree to our Privacy Policy.