Duetto Research: Information Security Analyst

About the role

Security compliance doesn't run itself — and at a company processing real-time pricing decisions for thousands of hotels worldwide, getting it right matters. As an Information Security Analyst at Duetto, you'll be the operational backbone of our security programme: keeping SOC 2 and ISO 27001 evidence current, running access reviews, managing vendor security assessments, supporting RFPs, and ensuring the governance infrastructure that underpins customer trust and audit readiness stays organised and on track. It's a detail-oriented, cross-functional role that touches Engineering, IT, Legal, HR, and Sales — and it's central to how Duetto earns and keeps the confidence of enterprise customers globally.

What Makes Us Different?

Duetto is the hospitality industry's leading revenue management platform, founded in 2012 by former Wynn Resorts executives who knew the industry needed better technology. We built the world's first Revenue & Profit Operating System — a suite of tools (GameChanger, ScoreBoard, BlockBuster, Advance and more) that goes beyond room pricing to give hotels, resorts and casinos a complete picture of their revenue and profitability. Trusted by clients ranging from independent boutique hotels to global chains, we've been named the #1 Revenue Management Software by HotelTechAwards four years running and the #1 Best Place to Work in Hotel Tech in 2025. Backed by GrowthCurve Capital since 2024, we're accelerating our investment in AI — and we're genuinely passionate about the industry we serve. We build products we're proud of, for customers we care about.

What You'll Be Doing

  • You'll administer and maintain Vanta (or equivalent GRC platform), collecting and maintaining SOC 2 Type 2 evidence across IT, Engineering, HR, Legal, and Security — and supporting ISO 27001, ISO 42001, NIST CSF, and internal control mapping efforts.
  • You'll coordinate access reviews across production systems, cloud platforms, SaaS tools, privileged accounts, and business-critical systems — tracking onboarding and offboarding evidence, policy acknowledgements, training completion, device compliance, and access removal.
  • You'll maintain the governance policy inventory, review cycles, approvals, exceptions, and evidence — and keep the risk register, risk treatment tracker, remediation due dates, and exception evidence current under Director oversight.
  • You'll support vendor and third-party security reviews including annual assessments, questionnaires, risk ratings, and DPA tracking — and track penetration test findings, vulnerability remediation plans, and closure evidence.
  • You'll draft and maintain approved responses for RFPs, sales questionnaires, and customer trust materials, maintain the Live Trust page in coordination with Security, Legal, and Sales, and support incident response documentation including timelines, RCA records, and post-incident action items.
  • You'll coordinate phishing simulations, security awareness training, completion tracking, and reporting — and assist with ad hoc security requests, customer audits, internal evidence requests, and compliance reporting as needed.

What We're Looking For

You may be a good fit if you have:

  • 2–4+ years of experience in security GRC, IT audit, compliance, security operations, risk management, or technical programme coordination
  • Familiarity with SOC 2, ISO 27001, NIST CSF, access reviews, vendor security, and audit evidence collection
  • Experience using Vanta or a comparable GRC/compliance platform
  • Strong documentation, follow-up, and project tracking skills — you're the person things don't fall through the cracks for
  • The ability to work with technical teams and understand security evidence in context
  • Strong written communication skills for RFPs, questionnaires, policies, and audit responses

Strong candidates may also have:

  • Experience in SaaS environments
  • Familiarity with AWS evidence, MDM, endpoint security, vulnerability management, and incident response documentation
  • Experience supporting customer security reviews or sales security questionnaires
  • A basic understanding of GDPR, DPA, DTIA, DPF, and subprocessor management

Why Duetto?

  • Compliance work with real commercial stakes. The security programme you support directly enables enterprise deals and customer trust at global hotel brands and casino groups — your work is visible and consequential.
  • Cross-functional exposure from day one. You'll work across Engineering, IT, Legal, HR, and Sales — a breadth of context that accelerates career development in ways a siloed GRC role rarely does.
  • AI is how we work. Duetto is an AI-first organisation — even in compliance and governance roles, we're investing in tools and workflows that help the team work smarter, including AI governance alignment under ISO 42001.
  • A growing security programme with real scope. This is a new role, which means you'll have the opportunity to shape how processes are built, not just maintain what already exists.

The Details

  • Location: Remote (Croatia)
  • Department: Engineering / Security

Duetto is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees. All qualified applicants will receive consideration for employment without regard to race, colour, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, or any other characteristic protected by applicable law.

Sound like you?

You don't need every item on this list. If you're detail-oriented, security-minded, comfortable working across functions, and energised by keeping a compliance programme running well — we'd love to hear from you.

 

 
