Job Overview:
The Information Security Officer will play a crucial role in ensuring the organization's information assets are well protected and compliant with regulatory, industry and internal security standards. The primary focus of this role is on compliance, governance, risk management, business alignment and adherence to ISO standards. The role requires strong leadership skills, a deep understanding of risk management and regulatory requirements, and the ability to work closely with various business units to ensure the successful implementation of security policies and practices.
Position: how you'll contribute:
- Compliance Management:
  - Ensure that the organization complies with all relevant laws, regulations and standards related to information security, such as GDPR, HIPAA, SOX and other applicable industry-specific regulations.
  - Conduct regular audits and assessments to ensure continuous compliance with internal security policies and external regulatory requirements.
  - Coordinate with legal, audit and compliance teams to maintain robust information security governance.
- ISO Standards and Certifications:
  - Lead efforts to achieve and maintain ISO 27001 certification and other relevant standards (e.g. ISO 22301 for business continuity).
  - Develop and maintain information security policies and procedures based on ISO standards, ensuring continuous improvement in alignment with evolving risks.
  - Conduct gap analyses, audits and risk assessments to ensure adherence to ISO standards, and provide recommendations for improvement.
- Business Alignment:
  - Collaborate with business units to integrate security requirements into core business processes and decision-making.
  - Provide guidance on the security implications of business initiatives, ensuring security measures are considered without hindering business operations.
  - Develop strong relationships with key stakeholders to ensure alignment between security policies and business objectives.
- Risk Management:
  - Perform risk assessments to identify vulnerabilities and threats to information assets, and develop strategies to mitigate these risks.
  - Establish and maintain a risk management framework, ensuring that the organization proactively addresses security risks while remaining compliant with industry standards.
  - Oversee the development of incident response plans, disaster recovery plans and business continuity plans to minimize the impact of security breaches.
- Security Awareness and Training:
  - Design and deliver security awareness training programs to employees at all levels, ensuring a culture of security across the organization.
  - Ensure employees are educated on compliance requirements and security policies to foster proactive behavior toward risk management.
- Vendor and Third-Party Management:
  - Assess the security posture of third-party vendors and partners, ensuring compliance with the organization's security requirements.
  - Manage vendor contracts related to security services, ensuring they meet security and compliance standards.
- Reporting and Metrics:
  - Develop and maintain security metrics to track compliance, risk levels and incident response performance.
  - Prepare and present regular security status reports to senior management and key stakeholders, highlighting compliance posture, risk mitigation efforts and key security initiatives.
Qualifications:
Expectations: the experience you need:
- Bachelor's degree in Information Security, Cybersecurity, IT or a related field. A master's degree is a plus.
- Professional certifications such as CISSP, CISM, CRISC or ISO 27001 Lead Auditor/Implementer.
- 5 years of experience in information security, with a strong focus on compliance, ISO standards and risk management.
- Experience in managing ISO 27001 compliance and certification processes.
- Knowledge of relevant regulatory frameworks such as GDPR, HIPAA, SOC 2, etc.
- Strong understanding of risk management principles, including threat modeling and vulnerability assessments.
- Excellent communication and interpersonal skills, with the ability to work collaboratively across departments.
- Analytical thinking and problem-solving skills, with a focus on business and security alignment.
- Ability to manage multiple projects simultaneously while meeting deadlines.
Additional skills: the edge you have:
- Experience in a highly regulated industry such as finance, healthcare or energy.
- Familiarity with governance frameworks such as COBIT or NIST.
- Experience working with senior leadership and cross-functional teams to implement security strategies.
Additional Information:
Our offer: professional development, personal growth
- Flexible employment and remote work
- International projects with leading global clients
- Non-corporate atmosphere
- Internal & external training
- Private healthcare and insurance
- Multisport card
Remote Work: Yes
Employment Type: Full-time