
Job Overview
Location: Croatia
Job Type: Full-time
Category: Cybersecurity
Date Posted: May 14, 2026
Full Job Description
📋 Description
- **Why This Role Matters:** As the **Information Security Analyst** at Duetto, you will serve as the operational backbone of the company’s security program, ensuring compliance with critical frameworks like SOC 2 and ISO 27001. In an industry where real-time pricing decisions impact thousands of hotels worldwide, your work will directly underpin customer trust, audit readiness, and the governance infrastructure that enables enterprise deals. This role is detail-oriented, cross-functional, and central to how Duetto earns and maintains the confidence of global enterprise customers.
- **Day-to-Day Responsibilities:**
  - **Compliance Administration:** Administer and maintain Vanta (or an equivalent GRC platform) to collect and organize SOC 2 Type 2 evidence across IT, Engineering, HR, Legal, and Security. Support ISO 27001, ISO 42001, NIST CSF, and internal control mapping efforts to ensure audit readiness.
  - **Access Reviews:** Coordinate access reviews for production systems, cloud platforms, SaaS tools, privileged accounts, and business-critical systems. Track onboarding/offboarding evidence, policy acknowledgments, training completion, device compliance, and access removal to maintain security hygiene.
  - **Governance and Risk Management:** Maintain the governance policy inventory, review cycles, approvals, exceptions, and evidence. Keep the risk register, risk treatment tracker, remediation due dates, and exception evidence current under Director oversight.
  - **Vendor and Third-Party Security:** Support vendor and third-party security reviews, including annual assessments, questionnaires, risk ratings, and Data Processing Agreement (DPA) tracking. Track penetration test findings, vulnerability remediation plans, and closure evidence to mitigate risks.
  - **Customer Trust and RFP Support:** Draft and maintain approved responses for RFPs, sales questionnaires, and customer trust materials. Maintain the Live Trust page in coordination with Security, Legal, and Sales teams to ensure transparency and compliance.
  - **Incident Response and Training:** Support incident response documentation, including timelines, root cause analysis (RCA) records, and post-incident action items. Coordinate phishing simulations, security awareness training, completion tracking, and reporting to foster a security-conscious culture.
- **About Duetto:** Duetto is the hospitality industry’s leading revenue management platform, founded in 2012 by former Wynn Resorts executives. The company has built the world’s first **Revenue & Profit Operating System**, a suite of tools (GameChanger, ScoreBoard, BlockBuster, Advance, and more) that goes beyond room pricing to provide hotels, resorts, and casinos with a complete picture of their revenue and profitability. Trusted by clients ranging from independent boutique hotels to global chains, Duetto has been named the **#1 Revenue Management Software** by HotelTechAwards for four consecutive years and the **#1 Best Place to Work in Hotel Tech** in 2025. Backed by GrowthCurve Capital since 2024, Duetto is accelerating its investment in AI and is passionate about the industry it serves.
- **What You’ll Learn and Achieve:**
  - **Impactful Compliance Work:** Your contributions will directly enable enterprise deals and customer trust at global hotel brands and casino groups. Unlike siloed GRC roles, your work will be visible, consequential, and tied to commercial outcomes.
  - **Cross-Functional Growth:** You’ll collaborate with Engineering, IT, Legal, HR, and Sales teams, gaining a breadth of context that accelerates career development. This role offers exposure to AI governance alignment under ISO 42001, providing a unique opportunity to shape processes in a growing security program.
  - **AI-First Environment:** Duetto is an AI-first organization, and even compliance roles benefit from tools and workflows designed to work smarter. You’ll have the chance to influence how security processes are built, not just maintain existing systems.
About Duetto Research, Inc.
San Francisco-based SaaS company founded in 2012 that provides revenue strategy solutions for hotels and casinos. Its cloud platform unifies data from property-management, booking and distribution systems, applies predictive analytics and machine learning to forecast demand, optimize pricing and manage availability across segments, channels and room types. Core modules include GameChanger for dynamic pricing, ScoreBoard for forecasting and reporting, and BlockBuster for group-business optimization. Serving major global chains and independents, Duetto integrates with brands such as Marriott, Accor and Hyatt to improve RevPAR, reduce reliance on OTA commissions and increase direct bookings through open-pricing methodology.
