Security Lead

About the Role

We are looking for a Security Lead to strengthen Playson’s information security framework and drive continuous improvement of our security culture.

This role combines technical expertise, investigative focus, and process leadership - ensuring that our systems, data, and people remain secure, compliant, and resilient.

Key Responsibilities

Information Security & Compliance

Maintain and continuously improve the ISO/IEC 27001:2022 Information Security Management System (ISMS).
Foster a strong Security-First mindset across the organization.
Work closely with the CTO, Head of IT, and DevOps to enhance internal security controls.
Conduct internal audits, risk assessments, and coordinate certification renewals.
Update security policies and controls in line with ISO 27001, GDPR, and relevant international frameworks (e.g., NIST CSF and NIS2 principles where applicable).
Manage integrations and alerting within Datadog SIEM, CrowdStrike, Cloudflare, and Google Workspace.
Support DLP implementation and maintain central tracking of security events.
Document risks, incidents, and corrective actions to ensure continuous compliance.

Incident Response & Investigation

Lead investigations into security incidents such as phishing, data leakage, or unauthorized access.
Collect and analyze digital evidence across systems (CrowdStrike, Cloudflare, Google, Slack).
Maintain and enhance incident response playbooks and escalation workflows.
Collaborate with HR, Legal, and IT teams during internal investigations.
Produce post-incident reports and recommend remediation measures.

Endpoint & Access Security

Manage MDM systems (Zoho MDM, Endpoint Central) and ensure full compliance for macOS endpoints.
Maintain CrowdStrike Falcon configurations and endpoint posture enforcement.
Oversee SSO, MFA, and 2FA enforcement across services (Google SSO, DUO Mobile, 1Password).
Implement Just-in-Time (JIT) privilege elevation and regular admin access reviews.
Perform Quarterly RAS Access Management Reviews.
Maintain a consistent audit trail for access management throughout the year.

Requirments

3+ years of experience in information security, IT audit, or digital investigations.
Solid understanding of ISO 27001, GDPR, and modern security frameworks (NIST CSF / NIS2).
Hands-on experience with SIEM / EDR systems
Proven ability to manage SSO, MFA, DLP, and MDM environments.
Strong communication skills in English (B2 or higher).
Analytical mindset, integrity, and attention to detail.

Nice to Have

Certifications: CISSP, CISM, CEH, ISO 27001 Lead Auditor, AWS Security Specialty.
Experience with Zero Trust, PAM, DLP/CASB, or SOAR platforms.
Forensics experience.
Experience in designing awareness programs or running phishing simulations.