Information Security Risk Officer
The role:
Join our dynamic Information Security GRC team to play a crucial role in strengthening our business operations. As a key member, you'll enforce our Information Security Framework, conduct internal risk assessments, and collaborate with your line manager to define assessment scopes. Your responsibilities will include reviewing internal systems, processes, and procedures, recording risks, and preparing insightful reports. Additionally, you'll contribute to Information Security projects, ensuring state-of-the-art solutions in line with regulatory requirements and best practices. This is an opportunity to make a significant impact in a forward-thinking environment, safeguarding our business while driving innovation in Information Security. Join us for a fulfilling journey!
The main responsibilities of the position include:
Plan and execute technical and targeted risk assessments in IT infrastructure, applications, technologies, and third parties
Assess internal controls, processes, and policies related to Information Technology and Security, identify deficiencies, and develop remediation strategies
Perform risk analysis on current risks and identify potential risks at operational, tactical, and strategic level
Perform risk evaluation on previously handled risks and compare mitigation approaches to potential risks
Maintain the risk register and the Information Security Risk Management Program
Identify information security risks and make recommendations that are appropriate, practical, and cost-effective
Manage and monitor the progress of remediation steps on risk assessment findings
Prepare comprehensive reports summarising the actions taken to remediate identified risks
Provide regular reports and metrics on the security posture of the company
Act as the escalation point of the information security department for any information security related risks
Main requirements:
BSc/MSc in Information Security or any other relevant degree
At least 3 years of work experience in information security risk management and information security risk assessment
Technical knowledge of operations, physical, network, host and application security, as well as security architecture, virtualisation, and cloud infrastructures
Good understanding of security regulations and frameworks, such as ISO 27005, ISO 27001, NIST CSF and SP 800-53, DORA, GDPR, etc.
Risk-related certifications, such as CRISC, CGRC, and CISSP, are a plus
Ability to work autonomously with minimum supervision and to integrate well within a team
Ability to articulate security risks and communicate effectively to various levels of management
Self-motivated, proactive, and efficient
Ability to work under pressure in a fast-paced environment
Strong interpersonal, organisational, and project management skills
Excellent communication skills with the ability to explain technical concepts to a non-technical audience
Excellent written and verbal skills in English
Benefit from:
Attractive remuneration package
Private health insurance
Corporate pension fund
Intellectually stimulating work environment
Continuous personal development and international training opportunities
The Hiring Experience: What Awaits You
Let’s Connect – Intro Chat with Talent Acquisition
Deep Dive – First Interview with Your Future Team
Final Connection – Final Interview
All applications will be treated with strict confidentiality!