Security Analyst

A career at Booksy means you're part of a global team focused on helping people around the world feel great about themselves, every day. From empowering entrepreneurs to build successful businesses, to supporting their customers arrange 'me time' moments, we're in the business of helping people thrive and feel fantastic.

Working in an ever-changing, scale-up where things are messy, and resources are limited isn't for everyone. If you thrive in a stable environment with big budgets, clear processes and structures then, if being honest, we're probably not for you. However, if you love bringing order to chaos, inventively solving problems, and prioritizing your own path within ambiguity, then you're likely to love it here.

The Security team coordinates security efforts for the entire Booksy organisation globally. The Security Analyst (GRC) plays a key part in ensuring the organisation's security posture is robust and aligned with industry best practices and regulatory requirements. As a Security Analyst, you will therefore be responsible for implementing and maintaining an effective GRC framework, conducting risk assessments, and driving continuous improvement of our security controls.

• Develop, implement, and maintain an effective GRC framework, including policies, procedures, and standards.
• Collaborate with other risk-management teams to identify and prioritize security risks.
• Develop and maintain an inventory of security controls (ITGC) and ensure their effectiveness through regular testing and monitoring.
• Advise System Owners on the most effective implementation of IT Controls in context of their systems.
• Conduct internal compliance assessments and assist with regulatory compliance efforts (e.g., NIS2, PCI-DSS, SOX, GDPR).
• Prepare and present reports on security risks and compliance status to the management.

• Good understanding of technical and organizational security concepts and their consequences for Booksy.
• Sound experience in defining and operating GRC frameworks and IT Control Frameworks. 
• Ability to plan inter-team projects including multiple stakeholders. Define expectations from every project member and project timelines. Coordinate project delivery and escalations.
• Ability to identify risks in around systems and business processes, determine long-term solutions, (backed up by custom analysis) and lead the project to implement them.
• Experience with security control frameworks (e.g., NIST Cybersecurity Framework, CIS Controls).
• Knowledge of relevant security standards and regulations (e.g., NIS2, PCI-DSS, GDPR, SOX).
• Experience with GRC automation tools (e.g., OneTrust, ServiceNow, RSA Archer) is a plus.
• Relevant certifications (e.g., CISSP, CISM, CISA, CRISC) are a plus.

• The opportunity to be part of something big - the world's fastest growing beauty marketplace.
• Flexible working hours and opportunity to work remotely within your country.
• Work in a welcoming team which is always ready to help.
• Opportunity to develop in an international environment - we have teams in 6 countries.
• Additional benefits that might differ depending on the location.

Our Diversity and Inclusion Commitment:

We work in a highly creative and diverse industry so it goes without saying that we strive to create an inclusive environment for all. We welcome people from all backgrounds and are committed to fair consideration in our hiring process. If you have any accessibility needs or require reasonable adjustments during the interview process, please contact us at , so we can best support you .

Kindly submit your application and CV in English to ensure it is successfully reviewed.