Company Description

BlueMatrix is a fintech company powering the future of finance with AI-ready infrastructure that transforms data into advantage. Trusted by the global research community for more than 25 years, BlueMatrix serves investment banks, brokers, independent analysts, investment firms, wealth managers, and multinational corporations worldwide. With over 600 research providers, 1.5 million documents published annually, and 40% of North American research distributed through its platform, BlueMatrix sits at the heart of the global investment research ecosystem. Founder-led, the company is known for its neutral market position, deep industry expertise, and 24/7 support across North America, Europe, and Asia-Pacific. 

Role Description

As a key member of our Information Security team, the Information Security Analyst plays a vital role in safeguarding the organization's information assets and upholding the trust of our clients and stakeholders. This position sits at the crossroads of compliance, operations, and engineering, calling for a hands-on practitioner who is equally at ease managing audit evidence, responding to security incidents, and advising clients on our security posture. The ideal candidate combines solid technical expertise with strong organizational skills and the ability to communicate security concepts clearly to both technical and non-technical audiences.

QUALIFICATIONS

Required

• 3+ years of experience in an information security, security operations, or GRC role.
• Hands-on experience with SIEM and endpoint detection and response tools.
• Experience managing security questionnaires or GRC platforms.
• Solid understanding of common security frameworks including SOC 2, ISO 27001, NIST CSF, and CIS Controls.
• Strong written and verbal communication skills, with the ability to translate technical concepts for non-technical audiences.
• Ability to manage multiple priorities and meet deadlines in a fast-paced environment.

Preferred

• Industry certification such as CompTIA Security+, SSCP, CySA+, or equivalent.
• Experience with cloud security posture management across major cloud environments.
• Familiarity with scripting or automation for security workflow enhancement.
• Background in a SaaS, fintech, or regulated industry environment.
• Knowledge of data privacy regulations such as GDPR, CCPA, and HIPAA as they relate to security controls.

KEY RESPONSIBILITIES

Audit & Compliance Evidence Management

• Collect, organize, and submit evidence packages in support of internal and external audits, including SOC 2, ISO 27001, and other relevant frameworks.
• Maintain a structured evidence repository, ensuring documentation is accurate, up to date, and audit-ready at all times.
• Work cross-functionally with Engineering, HR, Legal, and Finance to gather required control artifacts on schedule.
• Track open audit findings and remediation timelines, providing regular updates to security leadership.

Client Security Questionnaires & Trust Enablement

• Manage the end-to-end lifecycle of security questionnaires from clients and prospects, from intake to submission.
• Use available tooling to streamline response turnaround and reduce manual effort where possible.
• Prioritize new business opportunities by removing security-related blockers in the sales cycle.
• Handle follow-up client security inquiries with accuracy and professionalism, in line with agreed response timelines.
• Build and maintain a reusable response library to drive consistency and efficiency over time.

Security Event, Escalation & Incident Response

• Monitor security alert queues for indicators of compromise, anomalous behavior, and policy violations.
• Triage, investigate, and document security events, distinguishing false positives from genuine threats.
• Escalate confirmed incidents in line with the organization's Incident Response Plan, ensuring timely stakeholder notification.
• Take part in post-incident reviews and contribute to lessons learned and process improvement efforts.

Security Configuration Reviews & Engineering Support

• Participate in security configuration reviews of cloud infrastructure, SaaS platforms, and on-premise systems against established security standards.
• Collaborate with Engineering and DevSecOps teams to assess proposed technical changes for security impact and compliance alignment.
• Support the deployment and tuning of security controls across identity & access management, endpoint protection, and data loss prevention.
• Contribute to vulnerability management workflows, including risk prioritization and remediation tracking.

WORK SETUP

This role is based in our Timișoara office and follows a hybrid work model, offering the flexibility of remote work alongside a collaborative, professional in-office environment. You'll be joining a global team that operates across multiple markets, bringing an international perspective to everything we do.

Show more
Show less