Information Security Officer at Enboarder

We are seeking an experienced and dedicated Information Security Officer (ISO) to join our team. The ISO will be responsible for establishing and maintaining the enterprise-wide information security management program to ensure that information assets are adequately protected. The ideal candidate will possess strong technical knowledge, exceptional communication skills, and a proactive approach to identifying and mitigating security risks.

Responsibilities:

Develop and Implement Security Policies: Design, implement, and enforce security policies, standards, and procedures to safeguard the organisation's information assets.

Risk Management: Conduct regular risk assessments and develop strategies to mitigate potential threats or vulnerabilities. Monitor and analyse security incidents to identify trends and potential weaknesses.

Security Awareness Training: Develop and deliver training programs to educate employees about security policies, procedures, and best practices.

Incident Response and Investigation: Lead incident response activities, conduct investigations, and coordinate with relevant teams to resolve security incidents promptly.

Compliance and Auditing: Ensure compliance with relevant laws, regulations, and industry standards (e.g., GDPR, ISO 27001). Conduct periodic audits to assess compliance and address any gaps identified.

Vendor Management: Assess and manage security risks associated with third-party vendors and service providers.

Security Governance: Collaborate with stakeholders to develop and maintain an effective security governance framework aligned with business objectives.

Audit Coordination: Collaborate with internal and external auditors to facilitate audits, address audit findings, and implement corrective actions as necessary.

Security Questionnaire Management: Complete security questionnaires from clients, partners, and other stakeholders. Ensure timely and accurate responses to inquiries related to our information security posture, policies, procedures, and controls.

Penetration Testing Coordination: Plan, coordinate, and oversee penetration testing activities conducted by internal or external teams. Define the scope, objectives, and methodologies for penetration tests across various systems and environments.

Vulnerability Assessment and Remediation: Collaborate with teams to identify vulnerabilities uncovered during penetration tests. Work closely with the Engineering and DevOps team to prioritise remediation efforts and ensure timely mitigation of identified security weaknesses.

Disaster Recovery Planning and Execution: Develop, maintain, and regularly update disaster recovery plans and procedures. Coordinate and lead comprehensive DR exercises to test the effectiveness of these plans, including scenarios simulating cyber attacks, natural disasters, or system failures.

Documentation and Reporting: Document findings, recommendations, and action plans resulting from penetration tests, Audits and DR exercises. Produce comprehensive reports outlining vulnerabilities, their potential impact, and recommended remediation strategies.

Requirements:

Bachelor’s degree in information security, Computer Science, or related field (advanced degree preferred).

Professional certifications such as CRISC, CISM, or CISA.

Proven experience of 3 to 5 years in information security management roles.

In-depth knowledge of security frameworks, such as NIST, ISO 27001, or SOC2 Controls.

Strong understanding of networking, encryption, authentication, and cloud security principles.

Excellent communication skills with the ability to convey complex security concepts to non-technical stakeholders.

Analytical mindset with the ability to assess risks and develop effective strategies to mitigate them.