Azure Cloud Security Engineer designing and implementing Azure cloud security solutions in hybrid work environment. Join a new competence center in Budapest with international exposure and project stability.
TP
Hybrid Security Risk & Compliance Manager
Posted 3 months ago
About the role
- Security Risk & Compliance Manager managing security assessments and compliance activities at TrueContext. Leading risk management, customer inquiries, and vendor assessments in a hybrid work environment.
Responsibilities
- Lead end-to-end completion of customer security questionnaires, RFIs, and due diligence requests, coordinating inputs from engineering, security, and leadership to ensure accurate and consistent responses
- Maintain and continuously improve a reusable library of standard security answers, architecture descriptions, and supporting evidence mapped to SOC 2 and related frameworks
- Own the third-party/vendor security lifecycle: intake, risk triage, detailed security assessments for higher-risk vendors, ongoing monitoring, and periodic reassessment
- Review vendor SOC 2 reports and other attestations, identify issues or exceptions, document risk, and drive agreed mitigation actions with internal owners
- Coordinate the company’s SOC 2 program activities, including control mapping, evidence collection, tracking remediation items, and preparing for audits
- Partner with engineering teams to understand system design, data flows, and operational practices, translating technical details into clear security and compliance narratives
- Provide security and compliance input on contracts and DPAs, working with Legal and Procurement on security clauses, data protection requirements, and vendor obligations
- Define and track practical metrics (e.g., questionnaire volume/SLAs, vendor risk tiers, open remediation items) and report status and risks
- Educate Sales, Customer Success, and other go-to-market teams on security positioning, SOC 2 scope, and standard responses
Requirements
- 2–5 years of experience in information security, risk management, compliance, or related roles, ideally in a SaaS or cloud-native environment
- Direct experience with customer security questionnaires and vendor risk assessments, including reading SOC 2 reports and other security attestations
- Solid understanding of SOC 2 principles and common security controls (access management, encryption, logging/monitoring, SDLC, incident response, business continuity)
- Ability to interact confidently with senior engineers, translate between technical and non-technical audiences, and influence without direct authority
- Strong written and verbal communication skills with an emphasis on clarity, consistency, and reusability of security and compliance messaging
- Experience with GRC, vendor risk, or compliance platforms (e.g., SOC 2 automation tools, vendor risk management tools) is an asset
Benefits
- Company-wide & team social events
- Wellness yearly allowance
- Annual learning allowance
- Great time off benefits (4 weeks of vacation + 2 True2ME days + 1 TrueCrewCares day)
- Summer FriYAYs (every other Friday off from Victoria Day until Labour Day)
- Catered lunches 2x per week
- An amazing office space with plenty of snacks, drinks, and space to collaborate
- Hybrid work environment (3 days a week in the office)
Job title
Job type
Experience level
Salary
Not specified
Degree requirement
Tech skills
Location requirements
Principal Product Security Engineer at Medtronic ensuring compliance with cybersecurity expectations. Leading product security initiatives and guiding R&D teams on secure product lifecycle.
Mid - Level Industrial Security Specialist at Boeing conducting compliance assessments and protecting sensitive information. Overseeing security processes and training for personnel within the organization.
Cloud Security Architect at Boeing responsible for designing cloud security solutions. Collaborating with teams to implement secure cloud infrastructures and maintain compliance with security standards.
Director of Global Site Security at Medtronic leading global security standards and optimizing site - level execution. Collaborating with multiple functions to ensure a comprehensive security ecosystem.
Principal Product Security Engineer leading cybersecurity activities for Medtronic’s R&D organization. Ensuring secure product delivery and compliance with cybersecurity standards across their lifecycle.
Information Security Analyst responsible for implementing and maintaining data protection practices at Autoglass. Ensure compliance with regulatory standards and security best practices.
Senior Software Engineer driving development of privacy features in security platform. Leading technical direction and mentoring engineers for a rapidly growing company.
IT Systemadministrator managing hybrid IT infrastructure and Microsoft 365 services in a dynamic IT team. Responsibilities include security, administration, and support for IT infrastructure.
Join Deloitte as a Senior in Security Architecture, tackling cybersecurity challenges and advising CISO. Collaborate within a multidisciplinary team, defining security frameworks and conducting audits.