Security Compliance Specialist at Satoshilabs

At Trezor [Upgrade to PRO to see link] security isn’t a checkbox. Security has always been at the core of what we do. From day one, we understood the risks of weak security practices. That’s why we didn’t just follow standards — we helped define them. We introduced the first hardware wallet and pioneered widely adopted security features such as Recovery seeds [Upgrade to PRO to see link] Passphrases [Upgrade to PRO to see link] and Shamir Backup [Upgrade to PRO to see link] — all of which contributed to our global success. We’re now looking for a Security Compliance Specialist who will help us strengthen and scale our cybersecurity and compliance framework, particularly in light of evolving regulations such as NIS2 and CRA. This is a cross-functional role with real impact. You’ll collaborate across teams and actively shape how security and compliance operate in a growing tech company — without the bureaucracy of a large corporation. If you’re looking for a role where compliance is practical, meaningful, and closely tied to real-world security, keep reading. 👉 WHAT YOU'LL DO Rather than owning just one narrow domain, you’ll support multiple areas of security and compliance: - Supply chain security: - Conduct assessments of IT systems supply chain risks, focusing on cybersecurity aspects - Develop and enforce security standards and protocols for suppliers - Monitor and evaluate the cybersecurity practices of suppliers and partners - Access Management (mostly for cloud-based SaaS applications): - Support the design and implementation of access control policies and procedures, ensuring that employees have access only to the resources necessary for their roles - Participate in the user account management, including setting up, modifying, and revoking access as needed - Support regular access reviews to ensure compliance with the least-privilege principles - Testing and auditing: - Coordinate and execute regular security and compliance audits - Analyze audit and test results to identify vulnerabilities and non-compliance issues - Recommend and follow up on corrective actions to address identified weaknesses - Risk management support: - Assist in identifying and evaluating risks to data and information systems - Help with developing strategies and rules to mitigate identified risks - Collaborate with various departments to ensure risk management measures are integrated across the company - Data protection and privacy: - Conduct regular reviews of data processing activities - Support implementation of data protection policies with focus on compliance with GDPR - Asset management: - Assist in maintaining an inventory of all IT assets and ensure they are correctly classified and managed according to their security requirements. Participate in the development and enforcement of policies related to the lifecycle management of these assets, including procurement, usage, and disposal - People Management: - Collaborate with HR to ensure that roles and responsibilities are clearly defined and integrated into access management - Support embedding cybersecurity awareness into the organizational culture - Classification of Information: - Help in the implementation of a data classification framework to categorize data based on sensitivity - Support in implementing controls and handling procedures for different categories of data - Collaborate with relevant departments to ensure consistent application of the classification scheme across the organization 💪 WHO YOU ARE - You have 2+ years of experience in a security and/or compliance role, with a strong focus on IT segment - Basic orientation in ISMS, ISO 27001, CRA and NIS2 regulatory requirements - Ability to effectively communicate security concepts to both non-technical and technical stakeholders - Adaptability, a high level of attention to detail - Demonstrated reliability and strong issue-resolution skills - Proficiency in English is essential 🤝 WHAT WE OFFER - A unique opportunity to be part of a pioneering company in the crypto industry - Option to receive part of your compensation in bitcoin - Flexible working hours and a supportive team to help you implement your ideas - Budget for professional development, including training programs, courses, and workshops of your choice - Friendly, open culture with regular company events and fun get-togethers - Renovated offices with a gym, massages, football table, billiards, PlayStation, 3D printer and free on-site parking - Additional benefits such as a MultiSport card, company mobile phone tariff, and more 👋 Sounds good? Then we want to hear from you! Just submit your CV, together with a cover letter. We’ll get in touch with you as soon as we review your application, most likely within a week.