Finance & Insurance
Information Security Officer (Governance, Risk and Compliance)
In this project you’ll contact with the European stock market area. Despite its development center being located in Porto and all administrative support in Lisbon, you will be part of a multicultural team that is spread across several European cities.
We are seeking a Information Security Officer (Governance, Risk and Compliance) to join our team in Porto (hybrid model)
Key activities:
- Assisting with the implementation and maintenance of the Information Security Programme;
- Assisting with efforts to align internal security practices with industry best practices and security frameworks commensurate with strategy and the expectations of our clients and regulators;
- Timely and accurate reporting of the current state of all assigned projects/initiatives;
- Keeping track of policy and standards exceptions and the risks aligned to them;
- Keep abreast of new risks and trends in the threat landscape that may need to be addressed within information security policies, procedures and standards;
- Exhibit a broad knowledge of security compliance and auditing frameworks and apply those to formulate policies, procedures and standards;
- The delivery of ongoing security awareness and training through various tools and workshops;
- Ownership and oversight of all controls owned by InfoSec, including the approval point for all change efforts, etc, that might impact any such controls.
Required skills:
- 2+ years’ experience in a specific Information security role (e.g. related ISO 27001 consultant / projects);
- Experience within the financial sector will be a considerable benefit;
- Past/proven experience working in a team;
- Established background in Information Security Risks processes and in IT/Information Security Audit;
- Strong background and knowledge of working with and implementing international security standards and frameworks, such as: ISO27001, ISO27002, ISO27005, NIST, Cobit 5, etc.;
- Ability to deliver security education and awareness training sessions and material;
- Excellent written/verbal communications skills and organisational skills;
- Must be able to work well under pressure, prioritise workload appropriately and work well alone or as part of a team;
- Ability to adjust to changing priorities while multitasking effectively and to articulate complex security and privacy concepts to business users;
- Ability to communicate with clients in a professional manner;
- Working/technical knowledge of IT infrastructure and security specific controls;
- Security industry certifications are considered a plus, e.g. include; CISA, CISM, CRISC, CGEIT, Cobit 5, ISO 27001 or other security / ISO related certifications.
We offer:
- Integration in a dynamic, experienced and friendly team;
- Technical, behavioral and linguistics training opportunities;
- Career development.