Job Title: Information Security Professional
Overview:
We are seeking a seasoned information security expert to spearhead our team's efforts in defining and implementing best-practice information security policies, standards, and processes based on ISO 27001.
Main Responsibilities:
* Lead Governance, Risk & Compliance initiatives, encompassing compliance reviews, certifications, and accreditations (e.g. ISO 27001, GDPR, third-party suppliers, and clients).
* Conduct thorough security threat and risk assessments, monitor the risk treatment plan, and perform security assessments/reviews on complex information systems.
* Implement relevant Governance, Risk, and Compliance (GRC) controls and measures to safeguard systems and data.
The ideal candidate will be responsible for:
* Enhancing existing and creating new information security policies, standards, and guidelines.
* Contributing to the development of digital strategies to mitigate information security risks.
* Collaborating with business, internal IT, and third-party vendor teams to promote and adopt security best practices.
* Providing information security support to current and future IT projects.
Requirements:
* Good knowledge of managing an ISO 27001 Information Security Management System.
* Minimum 5 years' experience working in information security.
* Understanding of GDPR and Data Privacy Impact Assessment.
* Monitoring and reporting on compliance with security and data protection policies, as well as enforcement of policies.
The successful candidate will possess:
* A good understanding of Microsoft M365, Power Platform, Copilot, and Azure security.
* Knowledge of secure design architecture and principles.
* Ability to triage security incidents.
* Ability to carry out technical security audits and security architecture reviews.