The Information Security Officer should be recognized as the trusted partner in driving secure digital transformation, fostering a culture of security awareness, and mitigating the risks impacting the organization.
The Information Security Officer will contribute with expertise, proposing and leading the implementation of the IT governance and security strategies, reducing risk to an acceptable level, and ensuring business continuity.
Description
- IT Security Framework: Development, implementation and maintenance of security policies, standards, and procedures aligned with industry best practices, regulatory requirements and internal guidelines (aligned with Data Security Officer);
- Risk Assessment & Management: Performing regular technological risk assessments to identify, evaluate, and prioritize security threats across our Application Landscape. Deploying effective risk mitigation strategies and controls;
- Incident Response: Developing effective incident response plans to manage and contain security breaches (in coordination with Data Security Officer), ensuring timely recovery and prevention of future occurrences. Supporting the local Data Protection Officers in case of data breaches;
- Security Awareness and Training: Promoting a security-conscious culture through ongoing training and awareness programs for employees and partners;
- Compliance Management: Ensuring adherence to relevant security regulations, industry standards, and contractual obligations;
- Technology Security: Overseeing and managing the implementation of security-related controls and technologies, including firewalls, intrusion detection systems, encryption, and access management;
- Data Privacy: Supporting the Data Security Officer in the technological implementation of measures to protect personal and sensitive data in accordance with applicable privacy laws and regulations;
- Third-Party Risk Management: Assessing and managing security risks associated with external vendors and partners.
Profile
- Degree in Computer Science, Computer Engineering, IT Security or related fields;
- Good understanding of BT systems, technologies, and operations in complex environments;
- Strong IT experience with focus on security operations and information security;
- Working knowledge of risk and business continuity management;
- Strong understanding of cyber security regulation as well as standards and frameworks;
- Hands-on experience in technical security operations;
- Demonstrated project management skills and experience (across multiple functional areas);
- Ability to work effectively in a dynamic environment, managing multiple priorities and stakeholders;
- Effective communicator (able to convey the message in a clear way with all stakeholders);
- English proficiency.
Nice to have
- ISO27001/5 certification;
- CISSP (Certified Information Systems Security Professional);
- CEH (Certified Ethical Hacker);
- GDPR knowledge.
Job Offer
Career opportunity in an international environment.