Comparus UA is the development and innovation center of Comparus GmbH, a German IT company with 17+ years of expertise in digital transformation, business process optimization, and complex IT solutions for the financial sector. We provide end-to-end delivery: from business analysis and system design to cloud infrastructure support.
Our primary client is a leading IT provider for the German cooperative banking sector, serving 900+ banks and millions of end users. This means we operate in a highly regulated environment where security, compliance, and precision are non-negotiable.
About the Role
This is a founding role — you will be the first Information Security Specialist at Comparus UA, responsible for building and establishing the information security practice from the ground up.
You will own the day-to-day security operations, lead ISO 27001 compliance efforts, and work closely with both Ukrainian and German colleagues to ensure our Information Security Management System (ISMS) meets the highest standards. If you are someone who thrives on ownership, enjoys shaping processes rather than just following them, and wants to make a tangible impact — this role is for you.
What You’ll Do
Implement, maintain, and enforce information security policies and procedures across the organization
Monitor security events and incidents; manage response and remediation processes
Conduct regular risk assessments and internal security audits
Manage cybersecurity tools and protection systems (firewalls, VPNs, access controls, etc.)
Deliver information security awareness training for employees
Ensure ongoing compliance with ISO 27001 and related standards
Create, review, and maintain ISMS documentation in Confluence, preparing the organization for certification audits
Collaborate with German colleagues on ISMS-related tasks: document preparation, reporting, and participation in cross-team meetings
Work with internal stakeholders (DevOps, Engineering, HR, Management) to embed security practices across all teams
Drive continuous improvement of security controls, processes, and tooling
What We’re Looking For
Must-have:
Solid understanding of information security fundamentals
Knowledge of ISO 27001 and ISO 27002; hands-on experience participating in or supporting ISO/IEC 27001 certification audits
Understanding of network security components: firewalls, switches, routers, VPNs
English: Intermediate (B1–B2) — you will communicate regularly with the German team in writing and in meetings
Nice to have:
Experience supporting or participating in corporate asset inventory checks
Upper-Intermediate or Advanced English (B2+/C1)
Familiarity with ISMS tooling and security monitoring platforms
What Success Looks Like in Your First 90 Days
Process & Standards
Familiarized with all company information security policies, procedures, and compliance requirements
Clear understanding of incident management, risk management, and access management workflows
Tools & Systems
All necessary system accesses provisioned and configured
Independently using core monitoring, analysis, and task management tools
ISMS documentation audit completed; roadmap for next certification stage drafted
Stakeholder Relationships
Working relationships established with key internal stakeholders: DevOps, Engineering, HR, and senior leadership
Active participation in security-related meetings, including regular syncs with the German team
Security Improvement
Initial assessment of current security processes and documentation gaps completed
First proposals for process, control, or tooling improvements submitted
What We Offer
Equipment: MacBook, dual 2K monitors, ergonomic workspace — or full remote setup if needed
Work schedule: 8-hour workday, no overtime
Vacation: 18–24 days of paid annual leave
Sick leave: 10 days with a medical certificate / 5 days without
Compensation: Full tax compensation
Environment: Small, focused team — your work has direct visi



