Compliance & Information Security Analyst
Beqom · Dublin 2, Dublin, D02 H270, Ireland · Active · BambooHR
Job facts
| Field | Value |
|---|---|
| Company | Beqom |
| Title | Compliance & Information Security Analyst |
| Normalized title | - |
| Department / team | InfoSec |
| Location | Dublin 2, Dublin |
| Work model | - |
| Employment type | Full Time |
| Salary | - |
| Status | active |
| ATS provider | BambooHR |
| Posted / first seen | 2026-04-07 / 2026-05-30 |
| Changed / last seen | 2026-05-30 / 2026-06-06 |
Linked records
| Company | Beqom |
| Source | d47850b4-64e8-42c3-8fdb-974b6ddc80ee |
| ATS provider | BambooHR |
Description
Join beqom - where tech meets impact
beqom is a high-growth B2B SaaS company that provides industry-leading tools for pay equity and transparency, compensation, and performance management.
Trusted by some of the world’s most respected companies, beqom enables HR and business leaders to navigate global compliance and make smarter pay decisions that attract, retain, and motivate top talent.
Founded in Switzerland and serving clients worldwide, our powerful, enterprise-ready products are fueled by beqom pay intelligence.
Role Overview
We are seeking an experienced Compliance & Information Security Analyst to own and manage our compliance and third-party risk management (TPRM) function. This is a hands-on role that sits at the intersection of information security, legal/contractual review, and vendor risk management.
The successful candidate will be the primary point of contact for inbound client governance, risk & compliance (GRC) requests, will manage our own vendor and sub-contractor due diligence programme, and will review information security obligations embedded in client and prospect contracts. This role is critical in maintaining client trust, supporting sales cycles, and ensuring the company meets its obligations as a responsible data processor and technology provider.
What you'll be doing
Client GRC Questionnaires & Third-Party Risk Management (TPRM)
Receive, triage, and complete inbound GRC / security questionnaires submitted by existing and prospective clients as part of their vendor assessment and TPRM processes.
Develop and maintain a master response library to accelerate questionnaire completion, covering areas such as data security, access controls, business continuity, incident response, and privacy.
Coordinate with internal stakeholders (Engineering, Product, Operations, Legal) to gather accurate, up-to-date technical evidence and supporting documentation.
Track questionnaire status, deadlines, and outcomes; maintain a central log and escalate blockers in a timely manner.
Build relationships with client procurement, risk, and security contacts to manage ongoing TPRM obligations efficiently.
Evidence-Based GRC Questionnaires
Manage questionnaires that require formal documentary evidence — such as policies, audit reports (e.g. SOC 2, ISO 27001), penetration test summaries, data processing agreements, and certifications.
Maintain a structured evidence repository, ensuring documents are current, version-controlled, and accessible for rapid submission.
Identify gaps between client evidence requirements and the company's current documentation; work with the Head of Information Security and Compliance or relevant leads to close those gaps.
Information Security Review of MSAs & Client Contracts
Review information security, data protection, and compliance clauses within Master Service Agreements (MSAs) and other commercial contracts from clients and prospects.
Identify obligations and requirements (e.g. audit rights, subprocessor notifications, breach notification timescales, data residency, encryption standards) and assess the company's ability to comply.
Liaise with Legal counsel and the Head of Information Security and Compliance to flag materially onerous or non-standard terms; assist in drafting redlines and proposed alternative language where appropriate.
Maintain a tracker of contractual information security obligations to ensure ongoing compliance post-signature.
Vendor & Sub-Contractor TPRM
Design and operate a structured TPRM programme for the company's own vendors and sub-contractors who process client data or have access to company systems.
Conduct initial and periodic risk assessments of vendors, including completion of security questionnaires, review of their compliance certifications, and assessment of contractual controls.
Categorise vendors by risk tier and ensure appropriate due diligence is applied proportionate to the nature and sensitivity of the relationship.
Maintain a vendor risk register, tracking assessment outcomes, remediation actions, and review schedules.
Report on vendor risk posture to relevant internal stakeholders on a regular cadence.
Skills & Experience
Proven experience in a compliance, information security, GRC, or vendor risk management role, ideally within a SaaS, technology, or regulated industry context.
Demonstrable experience completing complex security and GRC questionnaires (e.g. SIG, CAIQ, bespoke client questionnaires) and compiling supporting evidence packs.
Familiarity with common information security frameworks and standards: ISO/IEC 27001, SOC 2, NIST CSF, CIS Controls, GDPR / data protection legislation.
Experience reviewing and interpreting information security provisions in commercial contracts (MSAs, DPAs, SaaS agreements).
Strong organisational skills — able to manage multiple concurrent questionnaires and workstreams, prioritise effectively, and meet deadlines.
Excellent written and verbal communication skills, with the ability to translate technical security concepts for non-technical audiences (legal, sales, procurement).
Proficiency in maintaining documentation, trackers, and evidence repositories; high attention to detail and accuracy.
Bonus points if you have:
Relevant certification such as CISA, CRISC, CISSP, ISO 27001 Lead Implementer/Auditor, CIPP/E, or equivalent.
Experience working with or within enterprise clients in regulated sectors such as financial services, healthcare, or energy.
Familiarity with data residency requirements and cross-border data transfer mechanisms (SCCs, BCRs).
Experience using GRC platforms or questionnaire automation tools (e.g. OneTrust, Vanta, SecurityScorecard).
Understanding of SaaS product architectures and cloud environments (AWS, Azure) from a security and compliance perspective.
Experience managing sub-processor registers and responding to data subject rights requests.
Why join us?
Your career, your design. Unleash your ambition in our dynamic, autonomous environment.
Drive meaningful change. Build a fairer future for every employee by joining a market leader that is improving the world of work.
Belong to something bigger. Collaborate with a passionate, diverse and talented team around the globe.
Full job record
| Job ID | e79f21963ff90f8bb5c520c79fbb5b70d7ff29ca |
| Org ID | 1607201f-f9f2-45e7-b1f3-3d28781ce876 |
| Source ID | d47850b4-64e8-42c3-8fdb-974b6ddc80ee |
| Board ID | d47850b4-64e8-42c3-8fdb-974b6ddc80ee |
| Provider | bamboohr |
| Provider Job Key | 346 |
| Title | Compliance & Information Security Analyst |
| Normalized Title | — |
| Status | active |
| Active | yes |
| Location Text | Dublin 2, Dublin, D02 H270, Ireland |
| Department | InfoSec |
| Team | — |
| Employment Type | full_time |
| Workplace Type | — |
| Remote Policy | — |
| Country | — |
| Region | Dublin |
| City | Dublin 2 |
| Salary Raw | — |
| Salary Min | — |
| Salary Max | — |
| Salary Currency | — |
| Salary Period | — |
| Source URL | https://beqom.bamboohr.com/careers/346 |
| Apply URL | https://beqom.bamboohr.com/careers/346 |
| First Seen At | 2026-05-30 06:06:33Z |
| Last Seen At | 2026-06-06 08:47:17Z |
| Last Checked At | 2026-06-06 08:47:17Z |
| Last Changed At | 2026-05-30 06:06:33Z |
| Inactive At | — |
| Source Posted At | 2026-04-07 00:00:00Z |
| Source Updated At | — |
| Raw Payload Uri | s3://job-postings-prod-raw-590183727216/raw/provider=bamboohr/board=beqom/date=2026-06-06/2026-06-06T08-47-12-203Z-5c018339bbe0f0675b351fd8396f70664f98de6fc0693ba58f30778c5b0f2db4.json |
Get this page with API
Rendered from the bluedoor Job Postings API. Reproduce it:
GET https://api.bluedoor.sh/job-postings/v1/jobs/e79f21963ff90f8bb5c520c79fbb5b70d7ff29ca?include=description
GET https://api.bluedoor.sh/job-postings/v1/orgs/1607201f-f9f2-45e7-b1f3-3d28781ce876
GET https://api.bluedoor.sh/job-postings/v1/sources/d47850b4-64e8-42c3-8fdb-974b6ddc80ee
GET https://api.bluedoor.sh/job-postings/v1/jobs/e79f21963ff90f8bb5c520c79fbb5b70d7ff29ca/events