What We Do
Marcura is a global leader in digital solutions for the maritime industry, providing software and services that help shipowners, operators, and maritime professionals streamline operations, reduce costs, and stay compliant. With a strong focus on innovation, data integrity, and security, Marcura's products support critical workflows such as port cost management, payments, and data intelligence. The company is committed to maintaining robust information security practices to protect sensitive financial and operational data, ensuring trust, resilience, and compliance across its global platform.
Who We Need
We're searching for a Senior Information Security and Compliance Analyst to join our crew. As our ideal Senior Information Security and Compliance Analyst you will interact with multiple stakeholders within the organization and contribute innovative solutions for security programs and continuous monitoring capabilities. You will also be responsible for the ongoing management of information security policies, procedures, and technical systems in order to maintain the confidentiality, integrity, and availability of all organizational information systems.
What You'll Do
- Lead in the development/adoption and enforcement of Information Security policies, procedures and standards. Conduct and complete an annual review of required PCI, SOC2 regulations and reports.
- Ensure compliance through adequate training programs and periodic security audits. These audits should be both internal and external in nature.
- Execute and manage vulnerability scanning programs, analyze scan results in depth, prioritize risks based on exploitability and business impact, and work directly with engineering teams to remediate findings.
- Integrate security into the software development lifecycle by performing code reviews, supporting secure coding practices, and implementing automated security testing tools such as SAST and dependency scanning.
- Assess third-party systems and integrations from a technical security perspective, identifying risks in APIs, data flows, and external dependencies.
- Conduct detailed risk assessments, threat modeling exercises, and security architecture reviews for new and existing systems, providing actionable recommendations and technical guidance.
- Develop, implement, and tune detection rules and use cases within security monitoring platforms to improve visibility and reduce false positives.
- Maintain the Company's Security Policies. These are formal policies that detail and document actual mechanisms and controls and should include at least the following:
- Administrative: Risk analysis and management, documentation management and controls, information access controls and sanctions for failure to comply.
- Personnel Security: Personnel only have access to sensitive information for which they have appropriate authority and clearance.
- Physical Safeguards: Assign security responsibilities, control access to media and the controls in place against unauthorized access to workstations and related equipment.
- Technical Security: Set the access and authorization controls for everyday operations as well as emergency procedures for data.
- Transmission security: Set the standards for access controls, audit trails, event reporting, encryption and integrity controls.
- Take on other tasks and duties as assigned.
- Bachelor's degree in a related field
- 5+ years' experience working in information security
- Experience working in a global, distributed environment is a plus
- Strong understanding of security frameworks and standards (e.g., ISO 27001, NIST, SOC 2)
- Understanding of other technology sub-areas, i.e., server administration, server security, testing and implementation processes and procedures
- Strong skill in problem solving to identify, communicate, and implement action when needed.
- 2+ years of experience using vulnerability assessment tools, analyzing and interpreting assessment results.
- 3+ years of experience with strong understanding of infrastructure technologies and functionalities both on-premises and cloud (e.g., firewalls, Windows/Linux servers, Active Directory, Azure, AWS, GCP)
We'll give you extra credit for:
- Experience working in a highly regulated environment
What You'll Gain
- Exposure to strategic, monetization, and commercial product development.
- Mentorship from experienced product and growth leaders.
- The opportunity to see the full product lifecycle, from discovery to revenue impact.
- The chance to make a measurable impact on business and customer KPIs.