Cyber Security Analyst

Unreconciled is a fast-growing fractional finance firm that provides end-to-end financial management solutions to startups, tech companies, and creative agencies globally. With offices in Ahmedabad and Kochi, we serve clients across the UK, US, and beyond, handling sensitive financial data that requires the highest level of security and compliance.

We are seeking a proactive and detail-oriented Junior Cybersecurity Analyst to assist in enhancing and securing our IT infrastructure. The ideal candidate will play a crucial role in implementing and managing security measures essential for an accounting firm handling end-to-end finance functions. This includes setting up and managing tools such as Google Chrome Managed Browser, Active Directory (AD), Sophos Management, 1Password, and securing payment systems on laptops.

As we scale from 30 to 100 employees over the next two years, this role is critical in building a robust security foundation that protects both our internal operations and our clients' sensitive financial information.

Google Chrome Managed Browser Setup:

• Configure and deploy managed browser settings to ensure secure and compliant internet usage across the organization
• Implement policies to control extensions, updates, and security settings

Active Directory (AD) Setup:

• Assist in the design and implementation of AD structures, including user accounts, groups, and organizational units
• Manage group policies to enforce security settings and access controls

Sophos Management:

• Deploy and manage Sophos endpoint protection across all company devices
• Monitor security alerts and assist in incident response activities

1Password Management:

• Implement and manage 1Password for secure password storage and sharing among team members
• Educate staff on best practices for password management and security

Securing Payment Systems on Laptops:

• Ensure that laptops used for payment processing are secured with encryption and up-to-date security patches
• Implement multi-factor authentication (MFA) and other security measures to protect sensitive financial data

Access and Identity Management:

• Implement role-based access controls to ensure employees have access only to the information necessary for their roles
• Regularly review and update access permissions, especially when employees change roles or depart from the company

Employee Education and Training:

• Conduct regular cybersecurity awareness training sessions to educate staff on recognizing phishing attempts and other social engineering attacks
• Develop and enforce a clear cybersecurity policy that outlines acceptable use of company resources and data handling procedures

Data Encryption:

• Ensure that all sensitive data, both at rest and in transit, is encrypted using industry-standard encryption protocols
• Utilize encrypted communication channels, such as Secure Sockets Layer (SSL) or Transport Layer Security (TLS), for transmitting sensitive information

Regular Software Updates and Patch Management:

• Maintain an inventory of all software and hardware assets to ensure timely updates and patching
• Establish a routine schedule for applying security patches to operating systems, applications, and firmware to mitigate vulnerabilities

Network Security:

• Deploy firewalls to monitor and control incoming and outgoing network traffic based on predetermined security rules
• Implement intrusion detection and prevention systems (IDPS) to identify and respond to potential security breaches in real-time

Data Backup and Recovery:

• Regularly back up all critical data to secure, off-site locations to prevent loss in case of a security incident
• Develop and test a disaster recovery plan to ensure business continuity in the event of a cyberattack or data breach

Third-Party Risk Management:

• Conduct thorough due diligence on third-party vendors to assess their cybersecurity posture before engaging in business relationships
• Establish clear contractual agreements that outline security expectations and responsibilities for safeguarding shared data

Regular Security Audits and Assessments:

• Perform periodic security audits to evaluate the effectiveness of existing security measures and identify areas for improvement
• Utilize vulnerability scanning tools to detect and remediate security weaknesses proactively

Incident Response Planning:

• Develop a comprehensive incident response plan that outlines procedures for detecting, responding to, and recovering from cybersecurity incidents
• Conduct regular drills and simulations to ensure all team members are prepared to act swiftly and effectively during a security event

Compliance with Regulatory Standards:

• Stay informed about relevant cybersecurity regulations and standards applicable to the accounting industry, such as the NIST Cybersecurity Framework
• Ensure that all security practices align with legal requirements to avoid potential penalties and maintain client trust
• Support ISO 27001 and GDPR compliance initiatives

• Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field
• Basic understanding of cybersecurity principles and best practices
• Familiarity with tools such as Active Directory, endpoint protection software, password managers, and VPNs is a plus
• Strong problem-solving skills and attention to detail
• Excellent communication and teamwork abilities

• Technical Proficiency
• Analytical Thinking
• Attention to Detail
• Effective Communication
• Proactive Learning

• Protect financial data for high-growth startups and Web3 companies
• Work across two offices (Ahmedabad and Kochi) managing security infrastructure
• Direct reporting to Jay Desai (CTO) with significant autonomy
• Opportunity to build security framework from ground up as we scale
• Exposure to international compliance requirements (UK/US data protection)

• Hours: 12:30 PM - 10:00 PM IST (with on-call responsibilities)
• Location: Ahmedabad office
• Team: Work independently while coordinating with CTO and external consultants
• Growth Path: Progress to IT Head or Security Engineer role

• UK Work Culture: Collaborative environment with flat hierarchy
• 12 Fixed Holidays Per Year
• 18 Casual Leaves Per Year
• 14 Work from Home Days Per Year
• Best in Class Infrastructure
• Daily Dinner Provided