In the context of reinforcing its operations and the implementation of ISO27001, JAO is searching for an Information Security Officer able to onboard and develop quickly in a diverse IT ecosystem.
The person is expected to take over a series of duties associated with ISMS management, to support the design and support of projects, and to contribute actively in the implementation phases. The function will be in charge of supporting the implementation of the information security strategy and policies and following up on compliance with them, to ensure the confidentiality, integrity and availability of all information assets.
The Information Security Officer will monitor information security and cybersecurity and contribute to IT risk management programs based on industry-accepted information security and risk management frameworks. The person will be an integral part of the Information Technology organization with regard to the implementation of the information security strategy and policies, reporting directly to the IT Manager and working closely with the Risk Manager, who defines the information security roadmap and strategy, to help improve and communicate the maturity levels of information security, the state of cybersecurity and IT risk practices across JAO.
- Support and implement information security policy, within the strategic goals of the organization, and translate this into information security concepts;
- Coordinate the continuous development, implementation and updating of security and privacy policies, standards, guidelines, processes and procedures in compliance with regulations and/or standards;
- Support and coordinate vulnerability and penetration tests with third parties, identify and defend against threats, and coordinate follow-up actions;
- Analyze the information security risks and support different audits, as well as participate in the internal & external risk management processes;
- Following audits, propose a practical and pragmatic action plan and technical and/or organizational measures to management;
- Design and implement required controls related to information security;
- Proactively identify and report information security risks and respond to observations identified by third-party auditors;
- Assist in the development of periodic reports and dashboards presenting the level of controls compliance and current information security risks;
- Coordinate and assist information security audits and facilitate management response and remediation efforts;
- Support the compliance officer to ensure overall IT compliance with regulatory requirements through proactive planning and communication;
- Assist during cyber security incidents and report on their follow-up;
- Draft and propose disaster recovery plans;
- Support and enhance information systems security management awareness and provide training on information security.
Must Have Requirements
- Demonstrable evidence of analysing, defining, documenting and implementing information security processes;
- Knowledge of common information security management frameworks, such as ISO/IEC 27001;
- Familiarity with network security and architecture;
- Familiarity with system hardening standards on Linux & Windows;
- Experience with information security audits, reviews, and assessments, such as SOC II/ISAE 3402, is considered an advantage;
- Experience working with Security Operations Centers is considered an advantage.
Nice To Have Requirements
- Good presentation and communication skills;
- Recent training or certifications in the area of information security are considered an advantage;
- Fluent in English with excellent written and spoken skills; any other language will be an advantage;
- Good problem-solving skills;
- Attention to detail.