Job Summary
We are seeking an Information Security Officer to lead our security compliance efforts. This role will be responsible for managing and implementing various security control frameworks, ensuring compliance with international and local security standards, and fostering a culture of information security within the organization.
Main Responsibilities:
* Lead the GRC function within Nitro, liaising with all relevant stakeholders.
* Manage and lead all of Nitro's compliance efforts across ISO 27001, SOC2, HIPAA, DORA, and NIS operations, as well as new requirements.
* Manage and contribute toward Qualified Trust Services Provider certification (QTSP).
* Contribute to the development of internal governance policies and procedures.
* Facilitate and manage the security risks directly or indirectly impacting the organization.
* Monitor local and international regulatory requirements and changes as they impact Nitro or any of its products.
* Be the SME in all audits with external and internal auditors.
* Perform operational checks, identify gaps, and advise on mitigations.
* Contribute to the privacy function within Nitro to maintain compliance with GDPR.
* Uplift the security culture of the organization by communicating constantly and implementing a comprehensive training program.
Requirements:
* At least 5 years of experience as an ISMS implementer, managing and implementing various security control frameworks.
* Strong project management skills, with at least 3 years of experience.
* Experience with information security, security certifications, and risk assessments.
* Working knowledge of common information security management frameworks, regulatory requirements, and applicable standards such as ISO 27001:2013/2022, NIST CSF, SOC/HIPAA, ETSI standards for eIDAS, etc.
* Knowledge of information protection methodologies and concepts, such as identification and authentication, access control, and audit trails.
* Strong interpersonal communication and coordination skills and the ability to communicate effectively with a wide range of employees, leaders at various levels, and other customers.
* Knowledge of international and local security standards.
* Strong knowledge of Microsoft Office applications (Word, Excel, and PowerPoint) and OneTrust.
* Coordination, facilitation, consultation, and conflict resolution skills.
Preferred Skills:
* Higher education/relevant security certifications such as ISO 27001 Lead Implementer, CISM, or CISA.
* Understanding of information technologies and data security.
* Knowledge of the business or digital signature area and organization.
* Ability to promote an information security culture within the organization.