Information Security Officer (Permanent)
Remote job
Riverflex
Job Title: Information Security Officer
Seniority Level: Senior
Location: Remote (Germany, UK, Spain)
Language Requirements: English (German is a plus)
Our client is looking for a permanent Information Security Officer who will be responsible for managing the information security function across all subsidiaries. Reporting to the VP IT, you will oversee the day-to-day management of the information security function and team, while driving the information security strategy and program.
You will be joining a growing international technology company and will play a pivotal role in implementing security best practices across the organization. Leading a team of 2, you will have the opportunity to shape direction and drive organizational change. With a focus not only on IT security and hard skills, you will have the opportunity to develop a security-native mindset across Engineering, support all other functions and be a vital part of the secure future of the client.
Key Responsibilities:
- Strategic Leadership:
  - Having an entrepreneurial mindset and being willing to get your hands dirty
  - Seeing soft skills as being as important as hard skills and helping to develop them within your team
  - Design and implement a security strategy aligned with company goals and objectives
  - Function as a translator and adopt the language of stakeholders to translate complex information security topics into simple words
  - Work with the wider leadership team to cultivate a security-centric culture within the organization
  - Regularly report to the board on the state of security and the wider threat landscape
- Operational Excellence:
  - Lead the security function to deliver pragmatic and hands-on solutions
  - Collaborate with technical stakeholders to embed security-conscious mindsets within IT and engineering teams
  - Lead security incidents and conduct lessons learned exercises to drive continuous improvements
- Client Engagement:
  - Act as the main point of contact for client queries, presenting the organisation's security posture and program when required
- Risk Management:
  - Help the organization understand its risks and design plans to mitigate key risks
  - Accountable for the successful running of the ISMS
- Data Protection:
  - Build an effective data protection capability, working closely with the DPO and internal data protection coordinators to deliver a globally oriented service
Requirements
Your Profile:
- Leadership:
  - A highly collaborative leader who can deliver at pace in a fast-moving environment
  - Excellent written and verbal communication skills, especially the ability to translate technical subjects to non-technical audiences
- Experience & Knowledge:
  - Experience working in a small, agile organization and understanding of its dynamics
  - Proven experience in implementing or leading an ISO27001 capability
  - Experience building security functions in green/brown field environments
  - Working knowledge of security best practices for cloud environments (AWS, Azure)
  - Experience supporting data privacy practices, such as conducting DPIA assessments or managing an outsourced DPO service
  - Knowledge of global data privacy legislation such as GDPR, CCPA, PECR
- Desirable Experience:
  - German speaker with B2 level plus
  - Experience implementing or auditing ISO standards, ideally as a Lead Implementor/Auditor for ISO27001
  - Knowledge of SOC2 and other industry-specific standards/regulations
  - General security-relevant certifications such as CISSP, CISM, CISA are preferred but not necessary
Tags: Agile Audits AWS Azure CCPA CISA CISM CISSP Cloud GDPR ISMS ISO 27001 Privacy Risk management Security strategy SOC 2 Strategy