Sr. IT Security Risk and Audit Engineer
Tech Ops & Support Budapest, Hungary
About Liferay
Liferay is a uniquely profitable B2B enterprise software company with 1,000+ fiery-eyed employees all across Europe, the Americas, the Middle East, Asia, and Africa. As a renowned provider of enterprise open source technologies, we have been recognized by Gartner for empowering businesses around the world to solve complex digital challenges. Liferay’s all-in-one platform unites Liferay DXP with our cloud platform capabilities, built-in analytics, and commerce functionality, reducing time to market and accelerating innovation. Our customer roster includes global companies such as Airbus, US Bank, Honda, and Desjardins.
About You and this Role
The IT Security Risk and Audit Engineer will play a crucial role in enhancing Liferay's security posture by identifying, assessing, and mitigating cyber security risks across the organization. This role will be responsible for conducting security assessments, developing and maintaining security controls, and ensuring compliance with relevant security standards and regulations, including ISO 27001, ISO 42001, SOC2, and (non-security-related) ISO 9001. This position requires a strong understanding of cyber security principles and methodologies, as well as excellent analytical and problem-solving skills. This role provides a unique opportunity to see the entire lifecycle of a security program, from inception and development to ongoing operations and continuous improvement.
Key Objectives:
- 50% business-as-usual activities:
  - Conduct regular security assessments and audits (e.g., vulnerability assessments, penetration tests, risk assessments).
  - Monitor and analyze third parties' security posture.
  - Maintain and update security documentation, including policies, standards, and procedures.
  - Provide support to internal teams on security matters (acts as a liaison).
  - Contribute to the development and maintenance of the Information Security Management System (ISMS).
  - Participate in security awareness and training programs.
- 50% business-development-related activities:
  - Contribute to the development and implementation of ISO 27001, ISO 42001, SOC2 and ISO 9001 compliance programs.
  - Lead or participate in projects to improve security controls and processes.
  - Develop and implement new security initiatives.
  - Support the integration of security controls into the development lifecycle.
Required Qualifications and Skills:
- Bachelor's degree in Computer Science, Information Security, or a related field.
- 3-5 years of experience in information security, with a focus on risk management and compliance.
- Strong understanding of cyber security principles, methodologies, and frameworks (e.g., NIST Cybersecurity Framework, ISO 27001, NIST 800-53, NIS2).
- Experience with conducting security assessments and risk assessments.
- Familiarity with security standards and regulations (e.g., ISO 27001, ISO 9001, GDPR, CCPA).
- Experience with security tools and technologies (e.g., SIEM, IDS/IPS, firewalls, vulnerability scanners).
- Excellent communication, presentation, and interpersonal skills.
- Strong analytical and problem-solving skills.
- Ability to work independently and as part of a team.
- Strong attention to detail and organizational skills.
Preferred Qualifications:
- Experience with cloud security and cloud-native technologies.
- Experience working at a Big 4 consulting firm or similar is a plus.
- Relevant security certifications (e.g., CISSP, CISM, CISA, CRISC, ISO 27001 Lead Auditor) are a plus.
What We Offer
- Salary package w/ competitive benefits according to qualifications and experience
- Opportunities to take responsibility, grow professionally, and Stay Nerdy
- A positive and collaborative work culture
Equal Opportunities Employer - Statement
Liferay is committed to the equal treatment of all candidates, customers and employees and to fostering a culture of dignity at work. Our operating procedure provides for equal opportunities in recruitment and employment with the aim to eliminate discrimination against any job applicant or employee on the basis of race, age, sexual orientation, gender, religion or beliefs, marital or civil partnerships status, family or dependency status, disability, pregnancy and maternity or membership of a traveling community.