Senior Information Security and Compliance Analyst

What We Do 

Marcura is a global leader in digital solutions for the maritime industry, providing software and services that help shipowners, operators, and maritime professionals streamline operations, reduce costs, and stay compliant. With a strong focus on innovation, data integrity, and security, Marcura’s products support critical workflows such as port cost management, payments, and data intelligence. The company is committed to maintaining robust information security practices to protect sensitive financial and operational data, ensuring trust, resilience, and compliance across its global platform. 
 

Who We Need 

We’re searching for a Senior Information Security and Compliance Analyst to join our crew. As our ideal Senior Information Security and Compliance Analyst you will interact with multiple stakeholders within the organization and contribute innovative solutions for security programs and continuous monitoring capabilities. You will also be responsible for the ongoing management of information security policies, procedures, and technical systems in order to maintain the confidentiality, integrity, and availability of all organizational information systems.  

What You’ll Do 

• Lead in the development/adoption and enforcement of Information Security policies, procedures and standards. Conduct and complete an annual review of required PCI, SOC2 regulations and reports. 

• Ensure compliance through adequate training programs and periodic security audits. These audits should be both internal and external in nature. 

• Execute and manage vulnerability scanning programs, analyze scan results in depth, prioritize risks based on exploitability and business impact, and work directly with engineering teams to remediate findings. 

• Integrate security into the software development lifecycle by performing code reviews, supporting secure coding practices, and implementing automated security testing tools such as SAST and dependency scanning. 

• Assess third-party systems and integrations from a technical security perspective, identifying risks in APIs, data flows, and external dependencies. 

• Conduct detailed risk assessments, threat modeling exercises, and security architecture reviews for new and existing systems, providing actionable recommendations and technical guidance. 

• Develop, implement, and tune detection rules and use cases within security monitoring platforms to improve visibility and reduce false positives. 

• Maintain the Company’s Security Policies. These are formal policies that detail and document actual mechanisms and controls and should include at least the following: 

• Administrative: Risk analysis and management, documentation management and controls, information access controls and sanctions for failure to comply. 

• Personnel Security: Personnel only have access to sensitive information for which they have appropriate authority and clearance. 

• Physical Safeguards: Assign security responsibilities, control access to media and the controls in place against unauthorized access to workstations and related equipment. 

• Technical Security: Set the access and authorization controls for everyday operations as well as emergency procedures for data. 

• Transmission security: Set the standards for access controls, audit trails, event reporting, encryption and integrity controls. 

• Take on other tasks and duties as assigned. 

• Bachelor’s degree in a related field 

• 5+ years’ experience working in information security 

• Experience working in a global, distributed environment is a plus 

• Strong understanding of security frameworks and standards (e.g., ISO 27001, NIST, SOC 2) 

• Understanding of other technology sub-areas, i.e., server administration, server security, testing and implementation processes and procedures 

• Strong skill in problem solving to identify, communicate, and implement action when needed. 

• 2+ years of experience using vulnerability assessment tools, analyzing and interpreting assessment results. 

• 3+ years of experience with strong understanding of infrastructure technologies and functionalities both on-premises and cloud (e.g., firewalls, Windows/Linux servers, Active Directory, Azure, AWS, GCP) 

We’ll give you extra credit for: 

• CISSP Certification 

• Experience working in a highly regulated environment

What You’ll Gain

• Exposure to strategic, monetization, and commercial product development.
• Mentorship from experienced product and growth leaders.
• The opportunity to see the full product lifecycle, from discovery to revenue impact.
• The chance to make a measurable impact on business and customer KPIs.