An inclusive work environment is an empowering one. At Cutover, we lead with empathy and enable others to succeed through curiosity, kindness, and self-expression.
Location: US, remote (CST or EST time zone), willing to travel to New York office for audits as required
We regret that we are unable to provide work visa sponsorship at this time.
Cutover provides enterprise technology operations teams with an AI-powered SaaS solution that automates and streamlines complex processes with intelligent runbooks. The Cutover solution enables teams to respond to incidents quickly, recover from IT outages, and manage cloud migrations with precision and efficiency. Cutover is used in many of the world's largest financial institutions to support their critical technology operations, including 5 out of the top 6 largest asset managers and 3 out of the top 5 US banks.
What does this role mean to us?
We are looking for a versatile, proactive mid-Level Security Analyst to join our lean but high-impact security team. This “generalist” role offers a 360-degree view of Information Security and is designed for someone who thrives on variety—one day you’ll be leading a SOC 2 audit, and the next you’ll be triaging a security alert or refining our AWS security posture.
As a key member of a small team, you won’t just be following a playbook; you’ll be writing it. You will have significant autonomy and the power to influence our global security strategy directly.
What will you be doing as our Information Security Analyst?
- Compliance & Audit Leadership: Support the maintenance of our compliance frameworks, specifically ISO 27001 and SOC2 Type II. You will need to be comfortable being a primary point of contact for external auditors.
- Client Assurance: Own the end-to-end process for Client Audits and Security RFIs, translating our complex technical controls into clear, professional, and digestible responses for stakeholders.
- Cloud Governance: Apply a GRC lens to our cloud environment, ensuring that our AWS infrastructure aligns with best practices (CIS benchmarks) and triage alerts in line with our internal risk appetite.
- Incident Management & Triage: Monitor security tools and act as a first-to-second responder for alert triage. You’ll manage the lifecycle of security incidents, from discovery to post-mortem.
- Third-Party Risk Management: Conduct thorough due diligence on suppliers, integrations , ensuring our supply chain meets our rigorous security standards.
- Risk-Based Decision Making: Conduct risk assessments across the business, providing actionable advice that balances security requirements with operational efficiency.
- Security Automation: Identify opportunities to automate manual GRC and SecOps tasks to increase the team's velocity.
What we’d like you to bring to the table…
- 3-5 years experience in Information Security, with a proven track record in a ‘full stack’ security or GRC role
- Experience triaging alerts (CSPM/SIEM/EDR), incident management and a foundational understanding of cloud native security tools
- You enjoy creating processes where none exist and can move from "problem identified" to "solution implemented" independently.
- You’ve led SOC2 or ISO27001 audits and know how to manage evidence collection, auditor expectations and communicate to stakeholders effectively.
- Relevant certifications are a plus (CISA, CISSP), but we value functional experience and the ability to apply security principles to real-world business problems above all else.
The good stuff…
- We're excited to offer Share Options as part of our compensation package.
- 20 days of PTO per year + public holidays, and we want you to take all of them!
- 3 volunteer days to use for any charitable/voluntary cause you would like.
- A top-tier private health insurance package.
- 401k contribution plan
- Work from home stipends
- A personal learning and development budget through Learnerbly. You’ll be supported in your quest for knowledge, whatever that looks like to you.
- If you’re thinking of starting or growing your family, then you’ll be in great company - more than half of our team are parents and we’ve built a globally consistent parental leave approach that we’re proud of.
- Employee Referral Scheme.
- Safeguarding the mental health of our teams is paramount for us. If you’d like to, then you’ll be able to avail yourself of multiple Cutover mental health initiatives, from fully subsidized therapy sessions to subscriptions to leading wellbeing platforms.
Target compensation package: $145,000-155,000 base salary + stock options + benefits
The final offer may vary from the target compensation package, taking into consideration factors such as your experience level and skill set. If we aren't aligned on salary at this stage, we’d still love to hear from you to better understand if there are more suitable opportunities at Cutover.
Diversity Statement - Empowering Our Teams
We encourage our team to bring their authentic selves to work, which we have found has strengthened workplace relationships and fostered a genuine sense of community.
If you are excited by this role, we invite you to apply! Even if your profile doesn’t check all the boxes, please don't simply scroll past! We recognize that talent lies everywhere and that some demographic groups are more likely to apply for a "stretch role" than others. We are always open to different perspectives and professional backgrounds to keep Cutover's culture evolving and to ensure that we never stop learning.
Cutover is an Equal Opportunity Employer. Maintaining an equitable hiring process is imperative to our mission. All applicants are considered without regard to race, ethnicity, national origin, religion, sex, gender identity, sexual orientation, age, mental or physical disability, marital status, protected veteran or parental status.
Learn more about Life at Cutover, our Guiding Principles, and our latest news on Twitter and LinkedIn