
DEPT · Skopje
Skopje, Zagreb, Split, hybrid DEPT® is a Growth Invention company built to help the world’s most ambitious brands grow faster. Operating at the intersection of...
Skopje, Zagreb, Split, hybrid
DEPT® is a Growth Invention company built to help the world’s most ambitious brands grow faster. Operating at the intersection of
technology and marketing, our 4,000+ specialists deliver growth invention services across Brand & Media, Experience, Commerce,
CRM, and Technology & Data. We’re 50|50 tech and marketing, partner-led, and first to move. Clients include Google, Lufthansa,
Meta, eBay, and OpenAI. We have been certified B Corp and Climate Neutral since 2021.
We are looking for a motivated Associate Information Security Specialist to join our growing security team in Croatia or North
Macedonia. This role is a career-accelerating entry point for an ambitious professional looking to shape themselves under top-tier
mentorship.
You will work alongside our Information Security Officer to support audits, ISMS related operational tasks, and map our
company-wide AI inventory. In the long term, you will transition into a direct-report role under our returning Global Information
Security Officer, stepping up to take continuous support of our dual ISO 27001 and ISO 42001 compliance lifecycles.
and asset onboarding verification.
ISMS.Online, gathering system metrics from departments across the global organization.
metrics.
Day-to-Day Expectations & Execution
documentation, and operational workflows of our ISMS.
questions and proactively pushing clear updates and awareness reminders out to the organization regarding best practices.
experts and internal engineers, assisting them in executing and tracking technical security measures.
documenting timelines, and assisting the broader response team in quick resolution.
playing a proactive role in keeping data security top-of-mind for our clients.
Using ISO frameworks as a clear starting point, you will help identify how the security team can better support their unique
operational workflows.
security stance. You will organize and prepare evidence packages to support internal audits, external audits, and client due
diligence reviews.
reporting materials that give the executive team clear visibility into our security posture and improvement areas.
automate tedious compliance logging and documentation tasks, helping our lean security team work much more efficiently.
WHAT YOU'll BRING
controls).
engineering and product teams to gather asset information.
celebrate all of our successes together!
training, development and certifications.
We are a Growth Invention company built to help the world’s most ambitious brands grow faster. Operating at the intersection of
technology and marketing, we create what is next by pioneering ideas, acting fast, and moving further because standing still just
is not in our DNA.
We are drawn to people who stay curious, move with intent, and never stop inventing. Our culture runs on three values: better
together, relentlessly curious, and get sh*t done. It is how we work, how we grow, and how we make things that matter.
At DEPT®, you will find the freedom to explore, the space to collaborate, and the trust to make a real impact for our clients, for
each other, and for the world we are helping to build.
At DEPT®, we take pride in creating an inclusive workplace where everyone has an equal opportunity to thrive. We actively seek to
recruit, develop, nurture, and retain talented individuals from diverse backgrounds, with varying skills and perspectives.
Not sure you meet all qualifications? Apply, and let us decide! Research shows that women and members of underrepresented groups
tend not to apply for jobs when they think they may not meet every requirement, when in fact they do. We believe in giving
everyone a fair chance to shine.
We also encourage you to reach out to us and discuss any reasonable adjustments we can make to support you throughout the
recruitment process and your time with us.
Want to know more about our dedication to diversity, equity, and inclusion? Check out our efforts here.
Who we are S-RM is a global intelligence and cyber security consultancy. Since 2005, we’ve helped some of the most demanding clients in the world solve some of their toughest information security challenges. We’ve been able to do this because of our outstanding people. We’re committed to developing sharp, curious, driven individuals who want to think critically, solve complex problems, and achieve success. But we also know that work isn’t everything. It’s about the lives and careers it helps us build. We’re immensely proud of this culture and we invest in our people’s wellbeing, learning, and ideas every day. The role Our Incident Response Technical Leads are a critical part of our Cyber Security division's success. As a Technical Lead, and a subject matter expert, you will deploy your incident response expertise in a senior delivery role across our incident response services. You will work across the full lifecycle of security incidents to help our clients respond and recover, including: * Supporting technical incident response from first contact through to closure: you will be the primary technical resource on response cases, deploying your own expertise, creating tailored strategies for response workstreams, and offering guidance to colleagues on your project team. * Overseeing host- and network-based incident response investigations: including triage, system recovery, technical evidence collection, and forensics, log, malware and root cause analyses. * Technical evidence collection from clients’ environments to prepare for forensic investigations. * Providing containment and recovery advice to Client’s during and after cyber incidents. * Developing and sharing domain expertise: we will support you in growing your cyber expertise, including sharing your expertise with the wider cyber team through internal initiatives and programs. * Occasionally, you may also be required to provide overarching project management support, including coordinating non-technical workstreams, and providing verbal or in-person client updates. * Participating in an on-call rotation with the rest of the global cyber team to provide 24x7x365 client incident coverage. Other features of the role include: * Leadership: As a senior technical lead, you’ll have an opportunity to help lead the rest of the APAC incident response team, act as an escalation point for more junior colleagues, and help ensure work produced by the team meets quality standards. * Variety of casework: no day will be the same. Our team responds to a huge variety of incidents for both public and corporate clients. You will have exposure to both regional and international cyber incidents. * Range of opportunities: you will have opportunities to broaden your security awareness into testing and advisory projects, in addition to deepening your incident response expertise. * Flexible working practices: responding to incidents can be intense, high-pressure work. We are mindful of our team's work/life balance and offer flexible working options to support your wellbeing. We're looking for: * Direct experience working in an Incident Response or Digital Forensics team is strongly preferred, however, candidates with exposure to working with Incident Response teams, or those in roles reflecting aspects of Incident Response will be considered. * Strong domain knowledge across computer systems and networks, including: * Windows systems (e.g. Managing domains services, creating standard build templates, using SCCM, moderate PowerShell capabilities, etc.) * Networking (e.g. managing firewall rules, providing guidance around network segmentation, DNS, etc.) * Virtualisation technologies (e.g. ESXi, Hyper-V, etc.) * Endpoint Detection & Response solutions. * The candidate must be able to demonstrate experience conducting forensic investigations, in particular relating to Windows systems. Additional experience conducting investigations into Linux and MacOS systems is preferred. * Demonstrable understanding of core incident response workstreams, including containment and restoration/recovery is a benefit. * You are comfortable using scripting to solve cyber security problems and ideally be able to demonstrate an interest in doing so, e.g. through your own research projects or prior experience. * A critical and investigative mindset. You should be comfortable solving problems with limited information and guidance, developing proportionate strategies to achieve timely outcomes. * Clear demonstrable knowledge of cyber threat actors, and their tactics, techniques, and procedures. * Strong communication skills. You should be comfortable speaking to people at all levels of an organization, from the board of directors to the technical teams. * It is preferred (but not required) that candidates hold one of the following certifications (or equivalent) GCFE, GCFA, GCIH, GNFA. However, holding any of the following is also beneficial: EnCE, CFSR, CISSP, GREM, CCNA, MCFE, OSCP, Network+ and Security+ * A working proficiency in another language (such as Malay, Tamil, Mandarin, Cantonese, Vietnamese) is also beneficial, although not required. The successful candidate must have permission to work in Malaysia by the start of their employment. OUR BENEFITS We offer thoughtful, balanced rewards and support to help our people do their best work and live their lives outside it, including: * 20 days paid holiday each year: in addition to public holidays, as well as 1 additional day of leave for every year you work at S-RM up to a maximum of 5 days. * Flexible working: work a minimum of two days a week in the office and the remainder remotely, choose your hours between 7am and 7pm. * Pension scheme: S-RM contributes to Employees Provident Fund (EPF) in accordance with legislative requirements. * Life Insurance: help someone you love should something happen to you. (Further details coming soon.) * Company-paid private medical and dental insurance. (Further details coming soon.) * Company-paid maternity, paternity and fertility treatment leave. * Employee Assistance Programme: free access to specialist support services, including counselling, as well as an online portal of useful articles, tips and tools. Available 24/7, 365 days a year. The role will be based in our office in Kuala Lumpur. However, we have flexible working arrangements available.
ASSOCIATE (FORENSICS LEAD), INCIDENT RESPONSE APAC Who we are S-RM is a global intelligence and cyber security consultancy. Since 2005, we’ve helped some of the most demanding clients in the world solve some of their toughest information security challenges. We’ve been able to do this because of our outstanding people. We’re committed to developing sharp, curious, driven individuals who want to think critically, solve complex problems, and achieve success. But we also know that work isn’t everything. It’s about the lives and careers it helps us build. We’re immensely proud of this culture and we invest in our people’s wellbeing, learning, and ideas every day. We’re excited you’re thinking about joining us The role Our Incident Response Associates are a critical part of our Cyber Security division's success. As a Forensics Lead on our Incident Response team, you will deploy your expertise in a delivery role across our various incident response services, with a particular focus on forensic investigations into complex cyber incidents. You will work across the full lifecycle of security incidents to help our clients respond and recover, including: * Supporting technical incident response from first contact through to closure: you will be a technical resource on response cases, deploying your own expertise, creating tailored strategies for response workstreams, and offering guidance to colleagues on your project team. You may also be supported by more senior technical team members where appropriate. Overseeing host- and network-based incident response investigations: including triage, system recovery, technical evidence collection, and forensics, log, malware and root cause analyses.. * Developing and sharing domain expertise: we will support you in growing your cyber expertise, including sharing it with the wider team through internal initiatives and programs. * Participating in an on-call rotation to provide 24x7x365 client incident coverage. Other features of the role include: * Variety of casework: no day will be the same. Our team responds to a huge variety of incidents for both public and corporate clients. * Range of opportunities: you will have opportunities to broaden your security awareness into testing and advisory projects, in addition to deepening your incident response expertise. * Flexible working practices: responding to incidents can be intense, high-pressure work. We are mindful of our team's work/life balance and offer flexible working options to support your wellbeing. We're looking for: * Direct experience working in an Incident Response or Digital Forensics team is strongly preferred, however, candidates with exposure to working with Incident Response teams, or those in roles reflecting aspects of Incident Response will be considered. * A fundamental understanding of computer systems and networks, including: * Windows systems (e.g. Managing domains services, creating standard build templates, using SCCM, moderate PowerShell capabilities, etc.) * Networking (e.g. managing firewall rules, providing guidance around network segmentation, DNS, etc.) * Virtualisation technologies (e.g. ESXi, Hyper-V, etc.) * Endpoint Detection & Response solutions. * The candidate must be able to demonstrate experience conducting forensic investigations, in particular relating to Windows systems. Additional experience conducting investigations into Linux and MacOS systems is preferred. * Demonstrable understanding of core incident response workstreams, including containment and restoration/recovery is a benefit. * A critical and investigative mindset. You should be comfortable solving problems with limited information and guidance, developing proportionate strategies to achieve timely outcomes. * Clear demonstrable knowledge of cyber threat actors, and their tactics, techniques, and procedures. * Strong communication skills. You should be comfortable speaking to people at all levels of an organization, from the board of directors to the technical teams. * It is preferred, but not required, that candidates hold one of the following certifications (or equivalent) GCFE, GCFA, GCIH, GNFA. However, holding any of the following is beneficial: EnCE, CFSR, CISSP, GREM, CCNA, MCFE, OSCP, Network+ and Security+ * A working proficiency in another language (such as Malay, Tamil, Mandarin, Cantonese, Vietnamese) is also beneficial, although not required. The successful candidate must have permission to work in Malaysia by the start of their employment. OUR BENEFITS We offer thoughtful, balanced rewards and support to help our people do their best work and live their lives outside it, including: * 20 days paid holiday each year: in addition to public holidays, as well as 1 additional day of leave for every year you work at S-RM up to a maximum of 5 days. * Flexible working: work a minimum of two days a week in the office and the remainder remotely, choose your hours between 7am and 7pm. * Pension scheme: S-RM contributes to Employees Provident Fund (EPF) in accordance with legislative requirements. * Life Insurance: help someone you love should something happen to you. * Company-paid private medical and dental insurance. * Company-paid maternity, paternity and fertility treatment leave. Employee Assistance Programme: free access to specialist support services, including counselling, as well as an online portal of useful articles, tips and tools. Available 24/7, 365 days a yea The role will be based in our office in Kuala Lumpur. However, we have flexible working arrangements available.
CYBER RISK ADVISORY CONSULTANT, UTRECHT (HYBRID) WHO WE ARE S-RM is a global intelligence and cybersecurity consultancy. Since 2005, we’ve helped some of the most demanding clients in the world solve some of their toughest information security challenges. We’ve been able to do this because of our outstanding people. We’re committed to developing bright, curious, driven individuals who want to think critically, solve complex problems, and achieve success. But we also know that work isn’t everything, it’s about the lives and careers it helps us build. We’re immensely proud of this culture and we invest in our people’s wellbeing, learning, and ideas every day. We’re excited you’re thinking about joining us. WORKING IN CYBER AT S-RM Our Cyber Security practice is the newest and fastest-growing part of S-RM. The cyber sector is always evolving, and our Advisory, Testing, Incident Response and Forensics practices are in more demand than ever. We’re building a team to meet this challenge. This means we’re quick to respond, innovate, and improve. We don’t get too hung up on hierarchy or bureaucracy. If your ideas are good enough, we’ll empower you to implement them. If you’re the best person to talk to a customer, you’ll get that opportunity, regardless of the title in your email signature. And when you need a hand, your team will always have your back. We also don’t believe there’s a typical cyber security professional. We’ve built a team of intelligence analysts, technical specialists, software developers, investigators, risk managers, and more. You’ll always find a range of perspectives and expertise to help you learn and grow. If that sounds like your kind of team, we’d like to hear from you. THE ROLE Cyber Risk and Resilience Associates lead cyber consultancy engagements within a fast-growing and highly regarded practice, with the opportunity to take on real responsibility early in their careers. You will work closely with clients to understand their challenges, lead project teams and deliver thoughtful, high-quality solutions across a broad range of cyber risk management and resilience activities. As part of a leading cyber security consultancy, you will help clients navigate complex and evolving security risks while building trusted adviser relationships. You will also work with colleagues across international consulting teams, supporting clients in the UK and globally, with exposure to a wide variety of sectors, challenges and senior stakeholders. Our Associates are project managers, people managers and consultants. You will join a collaborative and diverse team drawn from a wide range of professional backgrounds, within an organisation known for its pace, openness and genuinely cross-team approach. This role offers the chance to develop quickly through a mix of client delivery, team leadership, commercial exposure and access to internal and external training, while contributing to the growth of established and emerging service areas. RESPONSIBILITIES Cyber Security Consulting: At the core of the Associate role is hands-on cyber security consulting. You will lead delivery across multiple domain areas, including: * Incident Response Preparedness * Cyber incident response strategy, policy, and plan development. * Simulation exercising at leadership and operational levels. * Digital Resilience * Business impact analysis, business continuity and disaster recovery planning * Cyber regulations, governance and compliance * Threat Intelligence * Technical security * Identity and Access Management * Data security and integrity * Network and Infrastructure Security Project Management: S-RM Consultants are also accomplished project managers and team leaders. In this role, you will: * Lead complex projects independently * Manage client engagement, communication and project planning activities * Lead client workshops and information gathering discussions * Oversee technical and governance focussed implementation plans * Work with internal client project teams, subcontractors and partners * Understand and utilise the full range of S-RM’s people and expertise * Manage junior colleagues and oversee career development Client Engagement, Account Management and Business Development: Our Associates play an important role in business development. This is a position for someone who wants to help shape client solutions as well as deliver them, and you will support the Sales team in the following areas: * Engage with clients to understand their cyber security challenges * Innovate solutions, create, propose and pitch cyber security engagements * Contribute to the expansion of client accounts and winning new business This role would suit an ambitious security consultant looking for the next step: someone ready to take on meaningful client responsibility, broaden their experience across multiple cyber domains, and develop in a supportive but high-performing environment. It offers the chance to build consulting, leadership and commercial experience in parallel, while working alongside colleagues from a wide range of professional backgrounds. Skills and Experience Required: * 2+ years of experience in information security, cyber roles and/or technical domains. * Prior consulting experience in a cyber role. * Ability and willingness to manage complex projects. * Excellent presentational skills, written work and attention to detail. Strongly Preferred: * Demonstrable knowledge of: * Incident response policies, plans and playbooks. * Cyber Security frameworks, standards and regulations * Information security principles, tools, technologies and techniques * Technical cyber knowledge, including: * Cloud Security * Identity and Access Management * Software development lifecycle * Operational Technology * Industry accreditation such as SANS Institute, Security+, CISM, CISSP or ISO27001; The successful candidate must have permission to work in the Netherlands by the start of their employment. OUR BENEFITS We offer thoughtful, balanced rewards and support to help our people do their best work and live their lives outside it, this includes but is not exhaustive of: * Maternity leave: 26 weeks full pay followed by 13 weeks half pay * Paternity leave: 6 weeks of full pay * 25 holiday days per year, which increases with service to a maximum of 30 days + public holidays * 7% matching pension contribution * Several options around mobility such as an OV-card or a lease car * 4 x annual salary life insurance * EAP for your mental wellbeing, including counselling sessions available to you and your family * Free access to the world-famous mindfulness app Headspace * Flexible working hours * Extensive training available, including through LinkedIn Learning with access to more than 13,000 different courses The role will be based in our Utrecht office. However, we have flexible working arrangements available. To apply for this role, please submit a CV and cover letter to: Job Application for Cyber Risk Advisory Consultant at S-RM