Information Security Manager

Overview

Brain Rocket is a global company creating end-to-end tech products for clients across Fintech, iGaming, and Marketing. We are a young, ambitious team with offices in multiple locations and a growing workforce focused on building what works, launching fast, and delivering impact.

Important – On-Site Role This is an on-site position based at one of our offices:
Belgrade (Serbia), Lisbon (Portugal), Sofia (Bulgaria), Valencia (Spain), Warsaw (Poland), or Yerevan (Armenia). Remote or hybrid arrangements are not available. Candidates must already be in the location or be willing to relocate. Relocation support will be provided if needed.

We are seeking an Information Security Manager to join our team.

• Security Audits & Governance:
  Conduct internal security audits of systems, business processes, and new integrations. Review and challenge technical and organisational controls; identify weaknesses and improvement areas. Participate in security architecture discussions and proactively recommend control mechanisms.
• Security Requirements & Control Design:
  Define security requirements for internal systems, tools, and business processes. Work closely with engineering, infrastructure, and product teams to integrate controls into workflows and architectures. Validate that implemented controls meet design and compliance objectives.
• Risk & Compliance Oversight:
  Perform risk assessments for internal tools and third-party services (pre- and post-integration). Maintain the Risk Register and work with asset owners on risk mitigation plans aligned with ISO
  27001/27701 and other frameworks. Support audit readiness and evidence collection for ISO 27001, PCI DSS, and other certifications.
• Data Protection & Access Control:
  Analyse data flows and define appropriate protection strategies (e.g., encryption, masking, access management). Ensure logging, alerting, and monitoring controls are in place and passed to the SOC. Conduct periodic access reviews and role validations.
• Security Awareness & Process Improvement:
  Contribute to security awareness initiatives and training content. Collaborate with business and IT teams to optimize secure-by-design practices across departments.

• 3+ years of experience in information security, internal audit, GRC, or similar roles.
• Hands-on experience conducting internal audits, risk assessments, and designing/implementing security controls.
• Strong knowledge of ISO 27001/27701, PCI DSS, GDPR, and relevant security frameworks.
• Experience maintaining a Risk Register and working with asset owners on mitigation planning.
• Ability to define and validate security requirements for internal systems and processes.
• Understanding of data protection principles including encryption, masking, and access control.
• Solid understanding of modern access management approaches such as RBAC, Just-in-Time (JIT) access, and Zero Trust.
• Strong analytical and documentation skills; ability to structure findings and communicate clearly across teams.
• Self-driven and structured approach to auditing, with the ability to work across technical and business functions.

• Experience supporting external certification audits (ISO 27001, PCI DSS, etc.).
• Relevant certifications such as ISO 27001 Lead Auditor, CISA, CRISC, CISSP, or CompTIA Security+.
• Experience collaborating with a SOC team or working with log and alert management systems.

• Learning and development opportunities and interesting, challenging tasks.
• Opportunity to develop language skills, with partial compensation for the cost of English classes.
• Global coverage health insurance.
• Time for proper rest, with 20 working days of annual vacation and additional paid sick days.
• Competitive remuneration level with annual review.
• Team-building activities.

Bold moves start here. Make yours. Apply today!