Lucanet Group

SaaS

Senior Information Security Analyst

United Kingdom Remote Friendly

The Brief

“Senior Information Security Analyst at Lucanet Group. Skills: Information Security, GRC, Compliance-as-code, Risk Management, Vulnerability Management, AI Security. Own complex follow-up questions that need human judgement. Handle assurance calls where a customer needs to hear a credible voice”

What You'll Achieve.

Raise the bar for customer trust; Ensure compliance that runs continuously; Build a best-in-class AI security programme; Enable decisions through pragmatic risk management; Systematically close findings from scanners, pen tests, and bug bounties

Industry & Context.

SaaS
Problems you'll solve

Address edge-case scenarios where a templated answer isn’t enough; Assess and communicate security risks in a way that enables decisions, not delays them; Apply risk frameworks with commercial awareness

Eligibility Requirements

German is a plus but not required

What They're Looking For.

Must Have

3+ years in information security with a focus on GRC; Working knowledge of ISO 27001 and at least one of SOC 1, SOC 2, or C5; The ability to translate security controls into language that sales teams, customers, and executives can act on; Hands-on experience with an ISMS; Familiarity with modern development environments: Git, CI/CD, cloud infrastructure (AWS/Azure/GCP); A default towards automation; Written and spoken English

Nice to Have

Experience with compliance-as-code approaches; Exposure to AI governance, AI risk management, or the emerging regulatory landscape around AI (EU AI Act, ISO 42001, NIST AI RMF); Experience with tools in our stack: Vanta, Orca Security, Aikido Security, GitHub Actions; Track record of reducing manual compliance overhead through tooling, templates, or process redesign; Experience in a B2B SaaS or financial software environment; Curiosity about AI and a willingness to use it in your own workflows; Prior experience in financial software; A traditional GRC background

What You'll Do.

Own complex follow-up questions that need human judgement

Handle assurance calls where a customer needs to hear a credible voice

Address edge-case scenarios where a templated answer isn’t enough

Refine the knowledge base that feeds automation

Expand compliance-as-code philosophy into other areas of the business

Continuous audit monitoring

Automated evidence collection for certification cycles

Real-time compliance reporting

Programmatic control validation across infrastructure and operations

Own vendor security assessments

Evaluate the risk posture of suppliers and partners

Ensure contractual security requirements are met

Assess and communicate security risks

Collaborate with engineering and SRE to prioritise and track remediation of vulnerabilities

Ensure findings from scanners, pen tests, and bug bounties are closed systematically

How You'll Work.

Team & Collaboration

Collaborate with engineering and SRE to prioritise and track remediation of vulnerabilities; Translate security controls into language that sales teams, customers, and executives can act on

Communication Scope

Translate security controls into language that sales teams, customers, and executives can act on; Hold a customer assurance call and provide clarity on the spot; Communicate security risks

Full Job Description

About us

Lucanet is the CFO Solution Platform built for modern finance your job is to raise the bar.

Customer trust — the last mile. Our agentic RFP tooling handles the bulk of security questionnaire responses at scale. You own what comes after: the complex follow-up questions that need human judgement, the assurance calls where a customer needs to hear a credible voice, and the edge-case scenarios where a templated answer isn’t enough. You’ll also refine the knowledge base that feeds the automation, making each cycle smarter than the last.

Compliance-as-code — beyond CI/CD. We already have compliance checks integrated into our development pipelines. You’ll expand that philosophy into other areas of the business: continuous audit monitoring, automated evidence collection for certification cycles, real-time compliance reporting, and programmatic control validation across infrastructure and operations. The goal is compliance that runs continuously, not compliance that happens once a year.

AI security it’s building from a strong foundation into a best-in-class programme.

Third-party risk. You’ll own vendor security assessments, evaluating the risk posture of suppliers and partners and ensuring contractual security requirements are met.

Pragmatic risk management. You’ll assess and communicate security risks in a way that enables decisions, not delays them. That means applying risk frameworks (ISO 27005, NIST RMF, or similar) with commercial awareness — understanding when a risk needs mitigation, when it needs acceptance, and when the business just needs a clear answer fast. We don’t want someone who flags everything as critical; we want someone who helps the organisation take smart, balanced risks.

Vulnerability management. You’ll collaborate with engineering and SRE to prioritise and track remediation of vulnerabilities, ensuring findings from scanners, pen tests, and bug bounties are closed systematically.

What you bring to the table

Required

3+ years in information s
