Information Security Officer - GRC/ Risk

The North Starr ,
London, Greater London

Overview

Superb opportunity to join an established yet growing fintech solutions provider in a greenfield role. This is a superb opportunity for the candidate to really take their information security career to the next level. Key Responsibilities Support in the review, design and implementation of IT security standards (ISO/IEC 27001) and their implementation across the business Support in security and compliance matters including but not limited to implementation of new security tools, Internal/External Auditor engagements and any information security legislative/regulation compliance requirement Provide security subject matter expertise on projects undertaken by the business and act as advisor on all business security policy, security strategy and information risk management issues Support in the execution of the general data privacy assessment processes (including third-party assessments), internal control reviews and risk assessments to monitor compliance with information security policies and standards Working effectively with IT, Development and Client service teams to coordinate InfoSec changes and ensure that information security requirements are embedded at an early stage of the business process Assist in developing and maintaining Security Incident Response Procedures and Data Breach Guidelines. Reviewing and reporting on security incidents, potential incidents or other security risks and ensuring that appropriate correction and preventative measures are implemented Working with our sales teams to ensure that due diligence assessments, InfoSec questionnaires and RFPs are completed to deadlines Working closely with the CTO to support with risk remediation and solution design related to vulnerability scanning and penetration testing of critical assets Ensure that the ISMS security, process and critical systems documentation is maintained/reviewed at appropriate levels and at designated review times Assist in conducting Internal IS audits, producing reports with recommendations for remediation and improvement Maintain staff information security awareness Must haves: You will already be in an information security compliance position (or similar), have a good background in IT and a solid understanding of enterprise computing environments including data centres, networks, operating systems and security appliances. Other essential skills include: Minimum of two years in similar IT compliance or security role Understanding and experience of successfully maintaining information security standards in a live multi-country environment such as ISO/IEC 27001 Knowledge of current information security legislative/regulatory requirements such as GDPR Knowledge and experience of internal information security auditing based on ISO/IEC 27001 Information Security standards Knowledge of risk management/assessment and compliance principles as they relate to projects and operations Knowledge of Business Continuity principles Strong communicator with excellent written communication skills Strong analytical and organisational skills with the ability to work independently, as well and as part of a wider team, with minimal supervision Have a positive attitude with an eagerness to learn and develop professional knowledge Occasional flight travel to other European offices This job was originally posted as www.cwjobs.co.uk/job/89960413