Information Security Manager

BrainRocket is a global company creating end-to-end tech products for clients across Fintech, iGaming, and Marketing. ‍Young, ambitious, and unstoppable, we've already taken Cyprus, Malta, Portugal, Poland, and Serbia by storm. Our BRO team consists of 1,300 bright minds creating innovative ideas and products. We don’t follow formats. We shape them. We build what works, launch it fast, and make sure it hits.

We are looking for an Information Security Manager to join our team in one of our offices in Belgrade, Serbia, Warsaw, Poland or Lisbon, Portugal.

✅ Responsibilities: 
Security Audits & Governance 
✔️ Conduct internal security audits of systems, business processes, and new integrations. 
✔️ Review and challenge technical and organizational controls; identify weaknesses and improvement areas. 
✔️ Participate in security architecture discussions and proactively recommend control mechanisms. 

Security Requirements & Control Design 
✔️ Define security requirements for internal systems, tools, and business processes. 
✔️ Work closely with engineering, infrastructure, and product teams to integrate controls into workflows and architectures.
✔️ Validate that implemented controls meet design and compliance objectives.

Risk & Compliance Oversight
✔️ Perform risk assessments for internal tools and third-party services (pre- and post-integration).
✔️ Maintain the Risk Register and work with asset owners on risk mitigation plans aligned with ISO27001/27701 and other frameworks.
✔️ Support audit readiness and evidence collection for ISO 27001, PCI DSS, and other certifications. 

Data Protection & Access Control
✔️ Analyze data flows and define appropriate protection strategies (e.g., encryption, masking, access management). 
✔️ Ensure logging, alerting, and monitoring controls are in place and passed to the SOC.
✔️ Conduct periodic access reviews and role validations.

Security Awareness & Process Improvement
✔️ Contribute to security awareness initiatives and training content. 
✔️ Collaborate with business and IT teams to optimize secure-by-design practices across departments. 

✅ Requirements: 
✔️ 3+ years of experience in information security, internal audit, GRC, or similar roles. 
✔️ Hands-on experience conducting internal audits, risk assessments, and designing/implementing security controls.
✔️ Strong knowledge of ISO 27001/27701, PCI DSS, GDPR, and relevant security frameworks. 
✔️ Experience maintaining a Risk Register and working with asset owners on mitigation planning. 
✔️ Ability to define and validate security requirements for internal systems and processes. 
✔️ Understanding of data protection principles including encryption, masking, and access control. 
✔️ Solid understanding of modern access management approaches such as RBAC, Just-in-Time (JIT) access, and Zero Trust. 
✔️ Strong analytical and documentation skills; ability to structure findings and communicate clearly across teams. 
✔️ Self-driven and structured approach to auditing, with the ability to work across technical and business functions. 

✅ Nice to have:
✔️ Experience supporting external certification audits (ISO 27001, PCI DSS, etc.). 
✔️ Relevant certifications such as ISO 27001 Lead Auditor, CISA, CRISC, CISSP, or CompTIA Security+.
✔️ Experience collaborating with a SOC team or working with log and alert management systems

Bold moves start here. Make yours. Apply today! 

By submitting your application, you agree to our Privacy Policy.