The person appointed will be part of the Information Security Team and responsible for defining and embedding best practice information security policies, standards and processes based on ISO 27001 and the NIST Cyber Security Framework (CSF).
Reporting to the Head of Security, this role will principally advise and enable technical teams to make security decisions and provide advice and guidance, ensuring the effective use of common tools and patterns. The role has a proactive responsibility to assist in the delivery of secure systems and implement proportionate controls by working with internal teams and 3rd party vendors, and to provide Security Awareness and Training processes.
Responsibilities:
- Implement ISO 27001 framework and Information Security Management System (ISMS)
- Develop a complete set of corporate Information Security policies and standards and continually monitor the information security controls
- Lead on compliance reviews, certifications and accreditations (e.g. ISO 27001, PCI DSS, GDPR)
- Implement effective and appropriate GRC controls and measures to protect systems and data
- Identify, communicate and manage current and emerging security threats with relevant stakeholders
- Develop information security compliance frameworks, security policies and procedures, where necessary
- Work with business, internal IT and 3rd party vendor teams to promote and adopt security best practices
- Validate IT infrastructure and other reference architectures for security best practices and recommend changes to enhance security and reduce risks, where applicable
- Develop educational programs in the area of security awareness
- Create a security process for onboarding new employees
Knowledge and Experience:
- Comprehensive understanding of Information Security Frameworks (e.g. ISO 27001, NIST)
- Understanding of EU data protection regulations including PCI DSS and GDPR
- Experience working with information security risks
- Working knowledge of Security Architecture and the potential security issues related to it (PaaS, IaaS, SaaS)
- Experience in implementing security awareness processes
- Experience in implementing a security incident management process
- Experience in implementing a vendor management process
- Excellent organizational and communication skills
- Proficiency in English and Russian, written and verbal (English – B2)


