Job Title: Information Security Officer (Governance, Risk and Compliance)
We are a consulting company focused on Information Systems and Telecommunications.
Your goal will be to help our candidates and consultants take a step forward in their careers through projects that meet their needs and expectations.
In this project, you'll work in the European stock market area.
Key Responsibilities:
1. Assisting with the implementation and maintenance of the Information Security Programme;
2. Aligning internal security practices with industry best practices and security frameworks commensurate with strategy and client/regulator expectations;
3. Providing timely and accurate reporting of assigned projects/initiatives;
4. Tracking policy and standards exceptions and associated risks;
5. Staying up-to-date on new risks and trends in the threat landscape that may need to be addressed within information security policies, procedures, and standards;
6. Applying knowledge of security compliance and auditing frameworks to formulate policies, procedures, and standards;
7. Delivering ongoing security awareness and training through various tools and workshops;
8. Owning and overseeing all controls owned by InfoSec, including approval points for change efforts impacting any such controls.
Requirements:
1. At least 2 years' experience in a specific Information Security role (e.g., ISO 27001-related consultancy/projects);
2. Experience in the financial sector is beneficial;
3. Past/proven experience working in a team;
4. Established background in Information Security Risk processes and IT/Information Security Audit;
5. Strong background in and knowledge of working with and implementing international security standards and frameworks, such as ISO 27001, ISO 27002, ISO 27005, NIST, COBIT 5, etc.;
6. Ability to deliver security education and awareness training sessions and material;
7. Excellent written/verbal communication skills and organisational skills;
8. Able to work well under pressure, prioritise workload appropriately, and work well alone or as part of a team;
9. Able to adjust to changing priorities while multitasking effectively and articulate complex security and privacy concepts to business users;
10. Able to communicate with clients in a professional manner;
11. Working/technical knowledge of IT infrastructure and security-specific controls;
12. Security industry certifications are considered a plus, e.g., CISA, CISM, CRISC, CGEIT, COBIT 5, ISO 27001 or other security/ISO-related certifications.
What We Offer:
1. Integration in a dynamic, experienced, and friendly team;
2. Technical, behavioral, and language training opportunities;
3. Career development.