Jobs Companies Didomi Information Security Analyst

About this Information Security Analyst role at Didomi

Didomi · Remote · Paris,France

We are looking for an Information Security Analyst to join our Security & IT team and become the operational backbone of our ISO 27001 program. You will support the day-to-day work that keeps Didomi audit-ready year-round and run recurring security activities across the company.

This role is roughly 80% recurring compliance work: evidence collection, audit preparation, access reviews, vendor reviews, and security questionnaire responses. Leverage is the whole game. We want someone who reaches for automation and AI tooling as a default and who actively pushes back on process that no longer earns its keep, rather than someone who accepts that compliance work has to be slow or manual.

This role reports to the Security Manager.

The responsibilities are as follows:

ISO 27001 program and audit readiness

  • Help maintain and improve our ISO 27001 management system, ensuring controls remain effective, documented, and continuously evidenced.
  • Contribute to internal audits, surveillance audits, and recertification cycles, including the upcoming unified audit covering Didomi and recently acquired business units.
  • Track corrective actions, nonconformities, and continuous improvement initiatives, supporting the security team in driving them to closure.
  • Security operations and recurring activities

  • Carry out recurring activities on the security calendar in support of the security team, including vulnerability scanning campaigns, quarterly access reviews, risk assessments, business continuity tests, and policy review cycles.
  • Triage vulnerability findings from AWS GuardDuty, Inspector, and other sources, then work with the Security Manager to define remediation priorities and follow them through to closure.
  • Run periodic access reviews across critical systems (Google Workspace, AWS, Slack, JAMF, GitLab, GitHub, and internal applications), surfacing findings to the Security Manager and helping ensure they are remediated.
  • Cross-functional security support

  • Contribute to the security team's reviews of new tools, vendors, and SaaS applications for security and compliance risks before adoption.
  • Help the security team assess and harden internal workflows, with a particular focus on identity, access management, MFA, SSO, and data handling.
  • Support the security team on security questionnaires, RFPs, and customer due diligence requests.
  • Support the security team on broader initiatives such as AI governance, SaaS governance, and integration of acquired entities into the ISO scope.
  • Preferred skills & experience

  • 3+ years of experience in a GRC, compliance, or information security analyst role, ideally within a SaaS or technology company.
  • Solid working knowledge of ISO 27001, including Annex A controls, the audit process, and how to operationalize the standard rather than treat it as paperwork.
  • Hands-on experience with vulnerability management tools and access governance processes.
  • Hands-on experience with Vanta, including running ISO 27001 (or comparable) audits end-to-end on the platform.
  • Hands-on experience with the AWS security suite, in particular GuardDuty and Inspector, including triaging findings and proposing remediation priorities.
  • Demonstrated use of AI tooling to accelerate recurring compliance and documentation work. You should be able to walk us through concrete examples of what you have built or automated.
  • A strong bias toward removing process. You actively challenge controls, paperwork, and workflows that no longer earn their keep, and you propose lighter alternatives.
  • Strong written communication in English. You can explain security topics clearly to engineers, executives, and customers alike.
  • A pragmatic mindset: you favor controls that work in practice over controls that only look good on paper.
  • Nice to have

  • Experience supporting HIPAA or HITRUST programs, and comfort mapping requirements across frameworks.
  • Familiarity with cloud environments (AWS in particular) and with common SaaS administration (Google Workspace, Slack, identity providers).
  • Exposure to security questionnaire platforms and trust center tooling.
  • Tools you’ll work with on a regular basis

  • Compliance and GRC: Vanta
  • Cloud and security monitoring: AWS, AWS GuardDuty, AWS Inspector, AWS Security Hub
  • Identity and access: Google Workspace, SSO and MFA providers
  • Endpoint and device management: JAMF
  • Code and engineering: GitLab, GitHub
  • Collaboration and documentation: Slack, Notion, Google Workspace
  • SaaS governance and vendor review: internal review workflows and questionnaire tooling
  • Ready to apply to Didomi?
    Apply to Didomi

    Similar jobs

    Sign up for suggestions tailored to the jobs you open and the searches you save.

    Apply now
    🤖

    Whoa — hold up

    JobsRadar was built for real people having a rough time in their job search — not for automated requests. You're clicking way too fast and you're now temporarily blocked.

    Come back later. If you're genuinely job hunting, we've got your back — just act like a human.

    Catch your next role the second it’s posted.

    Create a free account and we’ll watch the boards for you — the instant a job matches your search, it lands in your inbox or Telegram. No digging, no refreshing.

    Create free account

    Free forever · takes 30 seconds · already have one?

    Get an edge on your job hunt.

    Join our Telegram channel for the stuff that helps you land the role — salary benchmarks, the weekly market pulse, and new-feature drops. No spam, just signal.

    Join the channel — it's free