Cyber Security Analyst

Job Description

About Unreconciled: Unreconciled is a fast-growing fractional finance firm that provides end-to-end financial management solutions to startups, tech companies, and creative agencies globally. With offices in Ahmedabad and Kochi, we serve clients across the UK, US, and beyond, handling sensitive financial data that requires the highest level of security and compliance. Job Summary: We are seeking a proactive and detail-oriented Junior Cybersecurity Analyst to assist in enhancing and securing our IT infrastructure. The ideal candidate will play a crucial role in implementing and managing security measures essential for an accounting firm handling end-to-end finance functions. This includes setting up and managing tools such as Google Chrome Managed Browser, Active Directory (AD), Sophos Management, 1Password, and securing payment systems on laptops. As we scale from 30 to 100 employees over the next two years, this role is critical in building a robust security foundation that protects both our internal operations and our clients' sensitive financial information. Key Responsibilities: Core Security Implementation: Google Chrome Managed Browser Setup: Configure and deploy managed browser settings to ensure secure and compliant internet usage across the organization Implement policies to control extensions, updates, and security settings Active Directory (AD) Setup: Assist in the design and implementation of AD structures, including user accounts, groups, and organizational units Manage group policies to enforce security settings and access controls Sophos Management: Deploy and manage Sophos endpoint protection across all company devices Monitor security alerts and assist in incident response activities 1Password Management: Implement and manage 1Password for secure password storage and sharing among team members Educate staff on best practices for password management and security Securing Payment Systems on Laptops: Ensure that laptops used for payment processing are secured with encryption and up-to-date security patches Implement multi-factor authentication (MFA) and other security measures to protect sensitive financial data Security Operations & Compliance: Access and Identity Management: Implement role-based access controls to ensure employees have access only to the information necessary for their roles Regularly review and update access permissions, especially when employees change roles or depart from the company Employee Education and Training: Conduct regular cybersecurity awareness training sessions to educate staff on recognizing phishing attempts and other social engineering attacks Develop and enforce a clear cybersecurity policy that outlines acceptable use of company resources and data handling procedures Data Encryption: Ensure that all sensitive data, both at rest and in transit, is encrypted using industry-standard encryption protocols Utilize encrypted communication channels, such as Secure Sockets Layer (SSL) or Transport Layer Security (TLS), for transmitting sensitive information Regular Software Updates and Patch Management: Maintain an inventory of all software and hardware assets to ensure timely updates and patching Establish a routine schedule for applying security patches to operating systems, applications, and firmware to mitigate vulnerabilities Network Security: Deploy firewalls to monitor and control incoming and outgoing network traffic based on predetermined security rules Implement intrusion detection and prevention systems (IDPS) to identify and respond to potential security breaches in real-time Business Continuity & Risk Management: Data Backup and Recovery: Regularly back up all critical data to secure, off-site locations to prevent loss in case of a security incident Develop and test a disaster recovery plan to ensure business continuity in the event of a cyberattack or data breach Third-Party Risk Management: Conduct thorough due diligence on third-party vendors to assess their cybersecurity posture before engaging in business relationships Establish clear contractual agreements that outline security expectations and responsibilities for safeguarding shared data Regular Security Audits and Assessments: Perform periodic security audits to evaluate the effectiveness of existing security measures and identify areas for improvement Utilize vulnerability scanning tools to detect and remediate security weaknesses proactively Incident Response Planning: Develop a comprehensive incident response plan that outlines procedures for detecting, responding to, and recovering from cybersecurity incidents Conduct regular drills and simulations to ensure all team members are prepared to act swiftly and effectively during a security event Compliance with Regulatory Standards: Stay informed about relevant cybersecurity regulations and standards applicable to the accounting industry, such as the NIST Cybersecurity Framework Ensure that all security practices align with legal requirements to avoid potential penalties and maintain client trust Support ISO 27001 and GDPR compliance initiatives Qualifications: Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field Basic understanding of cybersecurity principles and best practices Familiarity with tools such as Active Directory, endpoint protection software, password managers, and VPNs is a plus Strong problem-solving skills and attention to detail Excellent communication and teamwork abilities Key Competencies: Technical Proficiency Analytical Thinking Attention to Detail Effective Communication Proactive Learning What Makes This Role Unique at Unreconciled: Protect financial data for high-growth startups and Web3 companies Work across two offices (Ahmedabad and Kochi) managing security infrastructure Direct reporting to Jay Desai (CTO) with significant autonomy Opportunity to build security framework from ground up as we scale Exposure to international compliance requirements (UK/US data protection) Work Environment: Hours: 12:30 PM - 10:00 PM IST (with on-call responsibilities) Location: Ahmedabad office Team: Work independently while coordinating with CTO and external consultants Growth Path: Progress to IT Head or Security Engineer role Company Benefits: UK Work Culture: Collaborative environment with flat hierarchy 12 Fixed Holidays Per Year 18 Casual Leaves Per Year 14 Work from Home Days Per Year Best in Class Infrastructure Daily Dinner Provided Show more Show less