Security Compliance Specialist at Trezor

Popis pracovní pozice:

Nejnovější informace o práci od Trezor na pozici Security Compliance Specialist. If the Security Compliance Specialist volné místo v Praha odpovídá vaší kvalifikaci, zašlete svou aktuální žádost nebo CV přímo přes aktualizovaný portál Jobkos.

Vezměte prosím na vědomí, že hledání práce nemusí být vždy snadné, protože kandidáti musí splňovat určité požadavky stanovené společností. Doufáme, že kariérní příležitost v Trezor na pozici Security Compliance Specialist níže odpovídá vaší kvalifikaci.

At Trezor, security isn’t a checkbox. Security has always been at the core of what we do. From day one, we understood the risks of weak security practices. That’s why we didn’t just follow standards — we helped define them. We introduced the První hardware wallet and pioneered widely adopted security features such as Recovery seeds, Passphrases, and Shamir Backup — all of which contributed to our global success.

We’re now looking for a Security Compliance Specialist who will help us strengthen and scale our cybersecurity and compliance framework, particularly in light of evolving regulations such as NIS2 and CRA. This is a cross-functional role with real impact. You’ll collaborate across teams and actively shape how security and compliance operate in a growing tech Firma — without the bureaucracy of a large corporation.

If you’re looking for a role where compliance is practical, meaningful, and closely tied to real-world security, keep reading.

What You'll Do

Rather than owning just one narrow domain, you’ll support multiple areas of security and compliance:

• Supply Chain Security:
  • Conduct assessments of IT systems supply chain risks, focusing on cybersecurity aspects
  • Develop and enforce security standards and protocols for suppliers
  • Monitor and evaluate the cybersecurity practices of suppliers and partners
• Access Management (mostly for cloud-based SaaS applications):
  • Support the design and implementation of access control policies and procedures, ensuring that employees have access only to the resources necessary for their roles
  • Participate in the user account management, including setting up, modifying, and revoking access as needed
  • Support regular access reviews to ensure compliance with the least-privilege principles
• Testing & Auditing:
  • Coordinate and execute regular security and compliance audits
  • Analyze audit and test results to identify vulnerabilities and non-compliance issues
  • Recommend and follow up on corrective actions to address identified weaknesses
• Risk Management Support:
  • Assist in identifying and evaluating risks to data and information systems
  • Help with developing strategies and rules to mitigate identified risks
  • Collaborate with various departments to ensure risk management measures are integrated across the Firma
• Data Protection & Privacy:
  • Conduct regular reviews of data processing activities
  • Support implementation of data protection policies with focus on compliance with GDPR
• Asset Management:
  • Assist in maintaining an inventory of all IT assets and ensure they are correctly classified and managed according to their security requirements. Participate in the development and enforcement of policies related to the lifecycle management of these assets, including procurement, usage, and disposal
• People Management:
  • Collaborate with HR to ensure that roles and responsibilities are clearly defined and integrated into access management
  • Support embedding cybersecurity awareness into the organizational culture
• Classification of Information:
  • Help in the implementation of a data classification framework to categorize data based on sensitivity
  • Support in implementing controls and handling procedures for different categories of data
  • Collaborate with relevant departments to ensure consistent application of the classification scheme across the organization

Who You Are

• You have 2+ years of experience in a security and/or compliance role, with a strong focus on IT segment
• Basic orientation in ISMS, ISO 27001, CRA and NIS2 regulatory requirements
• Ability to effectively communicate security concepts to both non-technical and technical stakeholders
• Adaptability, a high level of attention to detail
• Demonstrated reliability and strong issue-resolution skills
• Proficiency in English is essential

Informace o práci: