Information Security Officer - Governance, Risk and Compliance

About the job

== HYBRID JOB (3 days / week at the office) ==

What you can expect

Our client is a prominent financial marketplace operating across multiple countries in Europe. It facilitates the trading of various financial instruments such as stocks, derivatives, commodities, and exchange-traded funds.

What you will be doing

  • Assist in implementing and maintaining the Information Security Programme.
  • Assist efforts to align internal security practices with industry best practices and security frameworks.
  • Stay updated on the threat landscape and adjust/draft solution designs accordingly.
  • Provide timely and accurate reporting on the current state of all assigned projects/initiatives.
  • Track policy and standards exceptions along with associated risks.
  • Stay informed about new risks and trends in the threat landscape to address them within information security policies, procedures, and standards.
  • Demonstrate broad knowledge of security compliance and auditing frameworks and apply them to formulate policies, procedures, and standards.
  • Deliver ongoing security awareness and training through various tools and workshops.
  • Own and oversee all controls owned by InfoSec, including being the approval point for all change efforts impacting such controls.

What you will bring

  • 5+ years of experience in a specific information security role (e.g., ISO 27001-related consulting or projects).
  • Experience within the financial sector will be advantageous.
  • Proven experience working in a team environment.
  • Established background in information security risk processes and IT/information security audit.
  • Strong background and knowledge of implementing international security standards and frameworks such as ISO 27001, ISO 27002, ISO 27005, NIST, COBIT 5, etc.
  • Ability to deliver security education and awareness training sessions and materials.
  • Excellent written/verbal communication skills and organizational skills.
  • Capability to work well under pressure, prioritize workload appropriately, and work independently or as part of a team.
  • Ability to adapt to changing priorities while multitasking effectively and to articulate complex security and privacy concepts to business users.
  • Professional communication skills with clients.
  • Working/technical knowledge of IT infrastructure and security-specific controls.
  • Security industry certifications are a plus, such as CISA, CISM, CRISC, CGEIT, COBIT 5, ISO 27001, or other security/ISO-related certifications.