Information Systems Security Coordinator
Apply Now28Stone is one of just four capital markets companies in Latvia. But what really sets us apart is that all of our clients are in the US and UK. So we are operating on a truly global scale, building financial solutions for some of the most developed markets in the world. We are an IT consulting company specializing in capital markets technology and financial infrastructure- basically, we help major financial institutions operate more efficiently by creating custom software solutions. The capital markets space in Latvia is still pretty small, so working at 28Stone gives you a unique mix- you get to be part of a focused team, but also work on international projects that make a real impact. We celebrate winning the Top 1% Workplace Awards 2024 in the "Best Workplace for Talent Investment" category and are always seeking to expand our team with positive, open-minded and motivated individuals who are eager learn as well as share what they know. Your impact zones • Coordinate and oversee application vulnerability remediation efforts in partnership with engineering, DevOps, and product teams, ensuring alignment with enterprise security governance requirements. • Manage and track application onboarding into approved AppSec scanning tools (e.g., SAST, DAST, SCA), ensuring coverage, scan success, and adherence to secure coding and DevSecOps policy timelines. • Monitor security scan outputs, triage findings, and communicate risk-based remediation guidance to development teams, ensuring vulnerabilities are resolved within defined risk-based SLAs. • Support governance processes by coordinating policy exception, waiver, and risk acceptance submissions, ensuring appropriate justification, approvals, and documentation in line with GRC standards. • Plan, facilitate, and lead cross-functional remediation working sessions with engineering teams, platform owners, and third-party vendors to address remediation blockers and risk concerns. • Enforce secure coding and DevSecOps policy compliance by identifying gaps, monitoring adherence, and escalating non-compliance to engineering leadership, risk owners, and governance stakeholders as required. • Identify and manage orphaned or unowned applications within AppSec tooling, ensuring accountability, ownership assignment, and accurate system-of-record data. • Develop, maintain, and present security and compliance dashboards that provide visibility into application risk posture, vulnerability trends, remediation progress, and policy compliance metrics. • Document AppSec, DevSecOps, and GRC processes, controls, and operating procedures to ensure consistency, repeatability, and audit readiness. • Support internal audits, regulatory assessments, and external reviews by maintaining accurate compliance evidence, vulnerability remediation records, and risk management documentation.