Cybersecurity and Compliance Analyst Job at eToro, New York, NY

  • eToro
  • New York, NY

Job Description

Description

eToro has created an intuitive Social Trading platform that gives traders and investors access to global stock markets, commodity trading, cryptocurrency trading, and more. We strive to make money management available and accessible to everyone (even to users with no prior experience or knowledge). We have over 33 million users worldwide, and our platform is available in over 140 countries around the world.

With over 1500 employees worldwide, we have locations in the US, Cyprus, UK, Australia, Germany, and Israel, and we are constantly growing and expanding into new markets.

We are looking for a Cybersecurity and Privacy Compliance Analyst to enhance our security governance, risk management, and compliance efforts. In this role, you will develop and maintain security policies, assess cybersecurity risks, conduct vendor security reviews, and support regulatory compliance initiatives. You will work closely with cross-functional teams to strengthen the organization’s security posture, ensure adherence to industry standards, and mitigate emerging risks. This is an exciting opportunity for a security professional looking to expand their expertise in a dynamic and fast-paced environment.

What will you be doing?

  • Risk Management & Security Architecture:
      • Identify, assess, and mitigate cybersecurity risks across enterprise systems, cloud platforms, and applications.
      • Design and oversee security architecture to support business objectives while ensuring compliance and risk mitigation.
      • Collaborate with engineering teams to embed security-by-design principles and to ensure security best practices in cloud, application, and infrastructure security.
      • Communicate and elucidate application security and cloud security issues identified through penetration tests and Bug Bounty programs, ensuring their remediation is tracked and managed.
      • Proactively detect and address potential product security issues within the assigned area of responsibility, ensuring timely and effective resolution.
      • Conduct security reviews and risk assessments for new technology deployments.
      • Develop strategies for secure cloud adoption (Azure, AWS).
  • Policy Development:
      • Write and maintain cybersecurity and privacy policies and procedures to ensure compliance with industry standards and regulations.
  • Business Continuity:
      • Assist in executing and improving business continuity plans and testing.
  • Training and Awareness:
      • Help develop and deliver security and privacy training programs; assist with phishing simulations and awareness campaigns.
  • Cyber & Privacy Support:
      • Work alongside the BISO and IT department to support cybersecurity and privacy compliance efforts.
  • Vendor and Governance:
      • Conduct security assessments of vendors, partners, and third-party service providers.
      • Develop and implement a third-party risk management framework to align vendor security assessments with regulatory requirements.
      • Stay updated on emerging threats, regulatory changes, and cybersecurity trends to improve GRC strategies.
  • Compliance Support:
      • Support the Compliance team for various initiatives such as annual testing, responding to regulatory inquiries and examination/audit requests, management of audit/exam remediation, regulatory reporting (e.g. data breach, cyber attack event, etc.), and monitoring for regulatory changes and management of necessary program enhancements.
  • Dynamic Responsibilities:
      • Take on additional tasks, projects, or initiatives as needed to support evolving business priorities and contribute to the overall success of the organization.

Requirements

  • Bachelor’s degree in Cybersecurity, Information Technology, or a related field (or equivalent experience).
  • 3+ years of experience in cybersecurity, with a focus on GRC, risk management, and security architecture.
  • Good knowledge of regulatory requirements (e.g., GDPR, NYDFS, PCI-DSS, NIST CSF, SOC 2).
  • Strong written communication skills with an interest in policy development.
  • Understanding of cybersecurity frameworks (e.g., NIST, ISO) and data privacy regulations (e.g., GLBA, CCPA).
  • Strong organizational skills and the ability to manage multiple tasks in a remote environment.
  • Experience in identifying and understanding application security issues, such as findings from penetration tests, Bug Bounty programs, and code scans.
  • Relevant certifications (CISSP, CISM, CISA, CRISC, CCSP) are highly desirable.

What We Offer:

  • Hybrid work model
  • Competitive salary
  • Comprehensive benefits package
  • Team events
  • Cell phone stipend
  • Daily lunch
  • Gym stipend
  • 6% 401K match
  • 100% insurance coverage for the employee

Location:

This position offers a hybrid work model, with the flexibility to work remotely; in-office attendance in Hoboken, NJ is required at least once a week.

Job Tags

Full time, Remote job, Worldwide
