About Nintex: 

At Nintex, we are transforming the way people work, everywhere.  

As the global standard for process intelligence and automation, we're trusted by over 10,000 public and private sector organizations across 90 countries. Our customers, from industry giants like Amazon, Coca-Cola, and Microsoft, rely on the Nintex Platform to accelerate their digital transformation journeys by managing, automating, and optimizing business processes quickly and efficiently. We improve their lives through the technology we build.

We are committed to fostering a workplace that supports amazing people in doing their very best work every day. Collaboration is constant, our workplace is fun, the environment is fast-paced, and we value our people’s curiosity, ideas, and enthusiasm. Driven by passion and accountability, we take initiative, measure progress, and deliver results. Our culture fosters innovation and problem-solving, fueled by curiosity and a commitment to thinking big. Together, we move with agility, prioritize customer needs, and build unity through empathy, leaving a positive impact wherever we go. 

About the role: 

The Compliance Analyst is a member of the Nintex Security Team and partners with globally distributed departments to execute and sustain the company’s compliance program. This role is operational and tactical in nature, with responsibility for working with teams to implement compliance requirements, enabling audit readiness, coordinating ongoing compliance activities, and supporting external and internal audits. 

The Compliance Analyst applies strong project management and analytical skills to manage multiple concurrent initiatives and brings working expertise across multiple compliance frameworks to ensure consistent and effective compliance outcomes. 

Your contribution will be:

Domain Knowledge and Documentation: Coordinate the full compliance lifecycle, including gap analysis, remediation planning, audit execution, and continuous compliance monitoring. Prepare the organization for new and evolving compliance frameworks by coordinating assessments, audits, self-assessments, and evidence collection and review activities. Develop, maintain, and review compliance related documentation to support training, awareness, and sustained operational effectiveness. Support the Revenue team by answering Security-related questions from customers and prospects. Assist with curating content for ongoing Security training requirements, ensuring completion targets are met. 

Global Stakeholder Management: Collaborate with globally distributed stakeholders across Engineering, IT, Product, HR, Legal, and other business functions to support consistent implementation of compliance requirements. Serve as a primary liaison for audit coordination, including facilitating interviews, walkthroughs, and evidence requests. Provide guidance and training to internal teams on compliance initiatives and audit readiness. 

Adhere to Nintex Standards and Practices: Support adherence to Nintex governance, risk, and compliance standards by assisting with the creation, review and updates of information security policies and procedures. Ensure compliance activities align with internal guidelines and approved risk management practices. Contribute to compliance integration efforts for acquisitions or organizational changes as required. 

Risk Management and Mitigation: Support risk management activities by assisting with security reviews and compliance risk assessments for new initiatives, technologies, and vendors. Identify potential compliance and control gaps, document risks, and assist in tracking mitigation activities. Escalate identified risks and issues to appropriate stakeholders in a timely manner. 

To be successful, we think you need:

• Bachelor’s degree in Information Security, Information Technology, Risk Management, Business, or a related field, or equivalent practical experience. 

• A proven track of at least 5 years working experience with common compliance and assurance frameworks such as SOC 2, ISO/IEC 27001, GDPR, HIPAA, FedRAMP, or similar international regulatory standards. 

• Relevant certifications are preferred but not required, including: CISA, CRISC, CISSP, CCSK, ISO 27001 Lead Implementer/Auditor, or related compliance or risk certifications. 

• Familiarity with common IT infrastructure, SaaS based cloud services, identity and access management concepts, and security tooling sufficient to assess control design and operational effectiveness (hands‑on administration is not required).

What’s in it for you? 

Nintex has a hybrid working model, enabling us to build culture, learn, and grow together. We intentionally connect and collaborate, while emphasizing flexibility with a blend of at-home and in-office work. This role is a hybrid role in our local Nintex office.

While our offerings differ from country to country, we offer our entire global workforce an array of exciting perks and benefits, including 

• Global Gratitude and Recharge Days
• Flexible, paid time off policy
• Employee wellness programs and counseling resources
• Meaningful peer recognition and awards
• Paid parental leave
• Invention/patenting assistance
• Community impact, paid volunteer time, and opportunities
• Intercultural learning and celebration
• Multiple tools through which to learn and grow, and an incredible global community 

View more about our benefits here: https://www.nintex.com/wp-content/uploads/2023/01/Global-Perks-and-Benefits.pdf.  

SENIOR CYBERSECURITY ANALYST (SOC)  APAC Region (Remote / Hybrid) 

WHO WE ARE 

S-RM is a global intelligence and cyber security consultancy.   Since 2005, we’ve helped some of the most demanding clients in the world solve some of their toughest information security challenges.    

We’ve been able to do this because of our outstanding people.   We’re committed to developing sharp, curious, driven individuals who want to think critically, solve complex problems, and achieve success.    

But we also know that work isn’t everything. It’s about the lives and careers it helps us build.   We’re immensely proud of this culture and we invest in our people’s wellbeing, learning, and ideas every day. 

We’re excited you’re thinking about joining us. 

WORKING IN CYBER AT S-RM 

Our Cyber Security team is the fastest-growing part of S-RM. The cyber sector is always evolving, and our Managed Services,  Risk & Resilience, and Incident Response practices are in more demand than ever.  

We’re building a team to meet this challenge.   We’re quick to respond, innovate, and improve. We don’t get too hung up on hierarchy or bureaucracy.   If your ideas are good enough, we’ll empower you to implement them. If you’re the best person to talk to a customer, you’ll get that opportunity, regardless of the title in your email signature. And when you need a hand, your team will always have your back. 

We also don’t believe there’s a typical cyber security professional.   We’ve built a team of intelligence analysts, technical specialists, software developers, investigators, risk managers, and more.  You’ll always find a range of perspectives and expertise to help you learn and grow.  

If that sounds like your kind of team, we’d like to hear from you. 

THE ROLE 

Our Security Operations Centre is a critical part of our Cybersecurity division’s success.  

As a Senior Analyst (SOC), you will add your cybersecurity expertise in a vital delivery role to our managed detection and response services.    

In this role, you will leverage the infrastructure and tools that power our Security Operations Centre (SOC) to deliver desired security outcomes for our managed services clients, with a particular focus on those in the APAC region.   The ideal candidate will be highly proficient in using security platforms such as SIEM, SOAR, EDR, and other advanced security technologies. You will have experience leading other analysts or sub-teams in a SOC environment and be comfortable acting as a point of escalation. As a senior analyst, you will be responsible for high-level incident management, process improvement, and mentoring junior analysts. This hybrid role involves both remote work and some in-office presence for collaboration, teamwork and development projects. In APAC we have office premises in Hong Kong, Singapore and Malaysia. 

Delivery 

• Cyber-Security Operations: Contribute to day-to-day SOC team-related activities, ensuring efficient monitoring, detection, and response to security threats across our clients’ estates.  

• Monitor Security Events: Continuously monitor and analyse security alerts from EDR, SIEM and other security tools to detect suspicious activities or potential threats. 

• Incident Response: Conduct investigations and respond to security incidents, executing containment, mitigation, and remediation steps as necessary. 

• Threat Detection: Use expertise to tune detection rules, automate workflows, and improve incident detection accuracy. 

• Log Analysis: Perform in-depth log analysis from firewalls, endpoint protection platforms, and other solutions to investigate complex incidents. 

• Incident Reporting and Documentation: Ensure all incidents are thoroughly documented, including timelines, analysis, mitigation steps, and lessons learned, and deliver regular reports to stakeholders. 

• Global Delivery Role: Act as second line escalation and support to the on-shift SOC Analysts in our 24x7 SOC team. 

• APAC Regional Client Focus: Support onboarding and service request activity for our regional MDR clients.    

• Threat Hunting: Proactively search for indicators of compromise (IoCs) and advanced threats within the environment, utilising both automated tools and manual analysis. 

• Threat Intelligence: Stay up to date on the latest cybersecurity threats, vulnerabilities, and attack techniques, and integrate threat intelligence into detection and response efforts. 

• Team Development: Provide guidance and mentorship to junior SOC analysts, fostering skill development and ensuring adherence to security best practices. 

Growth of the service 

• Continuous Improvement: Collaborate with the SOC team to develop and implement SOC strategies, improve processes, and introduce new technologies to strengthen our clients’ security posture. 

• Collaboration: Collaborate with SOC analysts, security engineers, and IT teams to ensure seamless operation of security tools and alignment with broader cybersecurity practices. 

• Security Enhancements: Identify areas for improvement in security monitoring and response capabilities, proposing and assist with implementing new solutions where appropriate. 

• New Clients: Our MDR service is growing quickly, you will be assisting with onboarding and configuring SOC services and technology for new customers. 

• Collaborating with Global Teams: Work closely with other cyber security service lines to ensure seamless integration of SOC operations with our broader cybersecurity initiatives and business units, especially Incident Response. 

• Contributing to Internal Technical Development Initiatives: When the schedule allows, you will have opportunities to participate in and contribute to internal technical development initiatives, enhancing our tools, processes, and overall incident response capabilities. 

WHAT WE’RE LOOKING FOR 

Candidates with the following qualifications and experience are likely to succeed in our Managed Services practice at S-RM.    

That said, if you don’t think you meet all the criteria below but still are interested in the job, please apply. Nobody checks every box—we’re looking for candidates that are particularly strong in a few areas and have some interest, capabilities and willingness to learn in others. 

We nurture a culture of equality, diversity and inclusion and we are dedicated to developing a workforce that displays a variety of talents, experiences and perspectives. 

We’re looking for: 

• Qualifications: A Bachelors or Masters degree in a relevant subject, for example cybersecurity, computer science; relevant industry certifications are advantageous, including any of the following or evidence of working towards attaining these: Blue Team, CISSP, Security+. 

• Experience: 3+ years of experience in a SOC or cybersecurity operations role, with demonstrated team leadership / supervisory experience. 

• Technical Expertise: Strong understanding of EDR and Secops toolsets - with experience configuring and leveraging these tools for incident detection and response. 

• Leadership:   Experienced in mentoring junior SOC analysts, with good communication and team-building skills. 

• Customer Minded: We put our clients at the heart of everything we do, going the extra mile for them will be second nature to you. You should be comfortable in client facing situations and able to discuss cybersecurity issues in customer-friendly language. 

• Approach: An investigative mindset.   You should be comfortable solving problems with limited information and guidance and be curious to learn. 

• Reliability:  Our customers depend on us to manage their security and provide cyber-resilience; you must be dependable. 

• Personal Interest: Some demonstrable knowledge of cyber threat actors, and their tactics, techniques, and interest in cybersecurity matters, security monitoring and threat detection techniques..  
• Communication: Clear and concise communication skills, with the ability to work effectively across teams; you should be able to communicate your technical findings for a non-technical audience in a professional setting.   Able to vet and quality assure incident reports and summaries. 

The successful candidate must have permission to work in at least one of these locations: Hong Kong, Singapore or Malaysia by the start of their employment. 

To apply for this role, please submit an up-to-date CV through this link: Job Application for Senior Cybersecurity Analyst (SOC) at S-RM