We are looking for an experienced and hands-on information security officer to design and enforce policies and procedures that protect our organization’s computing infrastructure from all forms of security breaches. You will be responsible for identifying vulnerabilities and working with different departments to resolve them, ensuring that our network and information assets remain secure.
Our ideal team member will have excellent analytical, communication and prioritizing skills with in-depth knowledge of best practices to prevent a wide range of security threats. You’ll often be asked to work independently in this role, but also to collaborate and communicate with all relevant departments as you promote and implement a culture of information security within the organization.
The position will consist of approximately 75% governance-related responsibilities and up to 25% hands-on implementation of IT processes and controls.
In this role, you will be a Key Function holder responsible for the Network and Information Security of the Company vis-à-vis our regulatory authorities whilst reporting to the COO of the Group.
Information Security Officer Responsibilities:
- Developing and implementing a comprehensive plan to secure the Company’s information systems
- Taking ownership of the Company’s periodic information security audits and correction of any identified non-conformities/areas of improvement
- Taking ownership of the Company’s risk and vulnerability work, identifying acceptable levels of residual risk and assisting with action plans, policy, and procedural changes for risk mitigation
- Performing penetration tests to find any vulnerabilities
- Monitoring network usage to ensure compliance with security policies.
- Hands-on implementation of IT processes and controls (up to 25%)
- Keeping up to date with developments in IT security standards and threats.
- Collaborating with management and the IT department to improve security and correct any identified vulnerabilities.
- Documenting any security breaches, conducting investigations, preparing recommendations and follow-up evaluations, and analysing patterns and trends. Where applicable, reporting to the relevant (regulatory) authorities.
- Provision of training to the Company’s employees about threats and best practices for information security.
A degree in computer science or a technology-related field and/or a minimum of 3 years’ experience in an information security role.
Knowledge, Skills and Abilities:
- Experience in risk, compliance, and information security policy development.
- Solid knowledge of information security regulatory requirements and standards such as ISO 27001 and PCI DSS
- Experience in implementing IT processes and controls including:
  - Windows/Linux, virtualization environments
  - Active Directory and related components (LDAP, Kerberos), Office 365
  - Networking essentials – TCP/IP, DHCP, DNS, VLAN, load balancing, firewalls, network switches
- Excellent problem-solving, prioritizing, analytical and troubleshooting skills
- Willingness to learn new technology and apply best engineering practices
- Strong interpersonal skills and the ability to effectively communicate with all levels in the organization about various security measures.
- Effective verbal and written communication skills
- Experience with Backup and Monitoring tools (PRTG)
- Experience with scripting (PowerShell, bash, C shell, etc.)
- Knowledge of laws and regulations relating to Data Protection including the General Data Protection Regulation 2018 (GDPR) and the Privacy and Electronic Communications Directive 2002 (ePrivacy Directive)
- Professional information security certification (e.g., CISSP)