Cybersecurity Analyst (Governance & Risk)

eToro is the trading and investing platform that empowers users to invest, share, and learn. We were founded in 2007 with the vision of a world where everyone can trade and invest simply and transparently. We have created an investment platform that is built around collaboration and investor education. On our platform, users can view other investors’ portfolios and statistics, and interact with them to exchange ideas, discuss strategies, and benefit from shared knowledge. We have 40 million registered users from 75 countries, and our platform is available in 20 languages. eToro is an innovative, fast-growing business and is listed on Nasdaq in May 2025. We have over 1,500 employees across more than 10 offices around the globe, strategically positioned to serve the needs of users. You can find out more about eToro here.

Role summary

We are looking for a Cybersecurity Analyst to enhance our security governance, and risk management efforts. In this role, you will develop and maintain security policies, assess cybersecurity risks, and conduct vendor security reviews. You will be supporting the Governance, Risk and Compliance (GRC) Team Lead, and work closely with cross-functional teams to strengthen the organization’s security posture, ensure adherence to industry standards, and mitigate emerging risks. This is an exciting opportunity for a security professional looking to expand their expertise in a dynamic and fast-paced environment.

What will you be doing?



Risk Management & Security Architecture:

• Identify, assess, and mitigate cybersecurity risks across enterprise systems, cloud platforms, and applications.
• Design and oversee security architecture to support business objectives while ensuring compliance and risk mitigation.
• Collaborate with engineering teams to embed security-by-design principles and to ensure security best practices in cloud, application, and infrastructure security.
• Communicate and elucidate application security and cloud security issues identified through penetration tests and Bug Bounty programs, ensuring their remediation is tracked and managed.
• Proactively detect and address potential product security issues within the assigned area of responsibility, ensuring timely and effective resolution.
• Conduct security reviews and risk assessments for new technology deployments.
• Develop strategies for secure cloud adoption (Azure, AWS).

Policy Development:

• Write and maintain cybersecurity and privacy policies and procedures to ensure compliance with industry standards and regulations.

Business Continuity:

• Assist in executing and improving business continuity plans and testings.

Training and Awareness:

• Help develop and deliver security and privacy training programs; assist with phishing simulations and awareness campaigns.

Cyber & Privacy Support:

• Work alongside the BISO and IT department to support cybersecurity and privacy compliance efforts.

Vendor and Governance:

• Conduct security assessments of vendors, partners, and third-party service providers.
• Develop and implement a third-party risk management framework to align vendor security assessments with regulatory requirements.
• Stay updated on emerging threats, regulatory changes, and cybersecurity trends to improve GRC strategies.

• Bachelor’s degree in Cybersecurity, Information Technology, or a related field (or equivalent experience).
• 3+ years of experience in cybersecurity, with a focus on GRC, risk management, and security architecture.
• Good knowledge of regulatory requirements (e.g., GDPR, NYDFS, PCI-DSS, NIST CSF, SOC 2).
• Strong written communication skills with an interest in policy development.
• Understanding of cybersecurity frameworks (e.g., NIST, ISO) and data privacy regulations (e.g., GLBA, CCPA).
• Strong organizational skills and the ability to manage multiple tasks in a remote environment.
• Experience in identifying and understanding application security issues such as findings from penetration tests and Bug Bounty programs, code scans.
• Relevant certifications (CISSP, CISM, CISA, CRISC, CCSP) are highly desirable.

What We Offer:

• Base salary range of $90,000 – 120,000
• Discretionary Annual bonus
• Hybrid work model
• Comprehensive benefits package
• Team events
• Cell phone stipend
• Daily lunch allowance
• Gym stipend
• 6% 401K match
• 100% insurance coverage for the employee

Location:

This position offers a hybrid work model with 2-3 days in office in our New York City office.