Lucanet Group
SaaS
Senior Information Security Analyst
“Senior Information Security Analyst at Lucanet Group. Skills: Information Security, GRC, Risk Management, Compliance, Automation. Handle complex follow-up questions requiring human judgment. Conduct assurance calls with customers”
What You'll Achieve.
Raise the bar for customer trust; Ensure compliance that runs continuously; Build a best-in-class AI security programme; Enable decisions through pragmatic risk management; Reduce manual compliance overhead
Industry & Context.
Handle complex follow-up questions that need human judgement; Address edge-case scenarios where a templated answer isn’t enough; Assess and communicate security risks in a way that enables decisions, not delays them
Written and spoken English, German is a plus but not required
What They're Looking For.
Must Have
3+ years in information security with a focus on GRC; Working knowledge of ISO 27001 and at least one of SOC 1, SOC 2, or C5; Ability to translate security controls into language that sales teams, customers, and executives can act on; Hands-on experience with an ISMS; Familiarity with modern development environments: Git, CI/CD, cloud infrastructure (AWS/Azure/GCP); Default towards automation
Nice to Have
Experience with compliance-as-code approaches; Exposure to AI governance, AI risk management, or the emerging regulatory landscape around AI (EU AI Act, ISO 42001, NIST AI RMF); Experience with tools in our stack: Vanta, Orca Security, Aikido Security, GitHub Actions; Track record of reducing manual compliance overhead through tooling, templates, or process redesign; Experience in a B2B SaaS or financial software environment; Curiosity about AI and a willingness to use it in your own workflows; Prior experience in financial software; A traditional GRC background
What You'll Do.
Handle complex follow-up questions requiring human judgment
Conduct assurance calls with customers
Refine the knowledge base feeding automation
Expand compliance-as-code philosophy into other business areas
Perform continuous audit monitoring
Automate evidence collection for certification cycles
Provide real-time compliance reporting
Perform programmatic control validation across infrastructure and operations
Own vendor security assessments
Evaluate risk posture of suppliers and partners
Ensure contractual security requirements are met
Assess and communicate security risks
Collaborate with engineering and SRE to prioritize and track remediation of vulnerabilities
Ensure systematic closure of findings from scanners
How You'll Work.
Team & Collaboration
Collaborate with engineering and SRE to prioritise and track remediation of vulnerabilities; Translate security controls into language that sales teams, customers, and executives can act on
Communication Scope
Hold a customer assurance call; Provide clarity on the spot; Translate security controls into language that sales teams, customers, and executives can act on; Communicate security risks
Full Job Description
About us
Lucanet is the CFO Solution Platform built for modern finance your job is to raise the bar.
Customer trust — the last mile. Our agentic RFP tooling handles the bulk of security questionnaire responses at scale. You own what comes after: the complex follow-up questions that need human judgement, the assurance calls where a customer needs to hear a credible voice, and the edge-case scenarios where a templated answer isn’t enough. You’ll also refine the knowledge base that feeds the automation, making each cycle smarter than the last.
Compliance-as-code — beyond CI/CD. We already have compliance checks integrated into our development pipelines. You’ll expand that philosophy into other areas of the business: continuous audit monitoring, automated evidence collection for certification cycles, real-time compliance reporting, and programmatic control validation across infrastructure and operations. The goal is compliance that runs continuously, not compliance that happens once a year.
AI security it’s building from a strong foundation into a best-in-class programme.
Third-party risk. You’ll own vendor security assessments, evaluating the risk posture of suppliers and partners and ensuring contractual security requirements are met.
Pragmatic risk management. You’ll assess and communicate security risks in a way that enables decisions, not delays them. That means applying risk frameworks (ISO 27005, NIST RMF, or similar) with commercial awareness — understanding when a risk needs mitigation, when it needs acceptance, and when the business just needs a clear answer fast. We don’t want someone who flags everything as critical; we want someone who helps the organisation take smart, balanced risks.
Vulnerability management. You’ll collaborate with engineering and SRE to prioritise and track remediation of vulnerabilities, ensuring findings from scanners, pen tests, and bug bounties are closed systematically.
What you bring to the table
Required
3+ years in information s