Information Security Analyst

<p class="font-claude-response-body break-words whitespace-normal leading-[1.7]">Security compliance doesn't run itself — and at a company processing real-time pricing decisions for thousands of hotels worldwide, getting it right matters. As an Information Security Analyst at Duetto, you'll be the operational backbone of our security programme: keeping SOC 2 and ISO 27001 evidence current, running access reviews, managing vendor security assessments, supporting RFPs, and ensuring the governance infrastructure that underpins customer trust and audit readiness stays organised and on track. It's a detail-oriented, cross-functional role that touches Engineering, IT, Legal, HR, and Sales — and it's central to how Duetto earns and keeps the confidence of enterprise customers globally.</p> <p class="font-claude-response-body break-words whitespace-normal leading-[1.7]"><strong>What Makes Us Different?</strong></p> <p class="font-claude-response-body break-words whitespace-normal leading-[1.7]">Duetto is the hospitality industry's leading revenue management platform, founded in 2012 by former Wynn Resorts executives who knew the industry needed better technology. We built the world's first Revenue & Profit Operating System — a suite of tools (GameChanger, ScoreBoard, BlockBuster, Advance and more) that goes beyond room pricing to give hotels, resorts and casinos a complete picture of their revenue and profitability. Trusted by clients ranging from independent boutique hotels to global chains, we've been named the #1 Revenue Management Software by HotelTechAwards four years running and the #1 Best Place to Work in Hotel Tech in 2025. Backed by GrowthCurve Capital since 2024, we're accelerating our investment in AI — and we're genuinely passionate about the industry we serve. We build products we're proud of, for customers we care about.</p> <p class="font-claude-response-body break-words whitespace-normal leading-[1.7]"><strong>What You'll Be Doing</strong></p> <ul class="[li_&]:mb-0 [li_&]:mt-1 [li_&]:gap-1 [&:not(:last-child)_ul]:pb-1 [&:not(:last-child)_ol]:pb-1 list-disc flex flex-col gap-1 pl-8 mb-3"> <li class="whitespace-normal break-words pl-2">You'll administer and maintain Vanta (or equivalent GRC platform), collecting and maintaining SOC 2 Type 2 evidence across IT, Engineering, HR, Legal, and Security — and supporting ISO 27001, ISO 42001, NIST CSF, and internal control mapping efforts.</li> <li class="whitespace-normal break-words pl-2">You'll coordinate access reviews across production systems, cloud platforms, SaaS tools, privileged accounts, and business-critical systems — tracking onboarding and offboarding evidence, policy acknowledgements, training completion, device complian