Information Security Officer
Skills
About the Role
You will take ownership of the second-line information security, IT risk and compliance function. You will build, run and improve the ISMS, drive compliance with DORA, GDPR and other regulations, review first-line IT controls, support audits, perform vendor due diligence, and follow up on incidents and remediation plans.
Requirements
- 3–5 years of experience in information security, IT risk or compliance
- Solid knowledge of DORA, GDPR and general information security principles
- Hands-on experience with setting up or managing an ISMS (ISO 27001)
- Technical background or experience with cloud infrastructure, CI/CD, SDLC, IAM or microservices
- Strong understanding of risk management frameworks, controls and compliance processes
- Relevant certification is a plus (e.g., ISO 27001 LA/LI, CISA, CISSP)
- Experience coordinating audits and managing compliance documentation
- Excellent communication skills and a proactive independent approach
Responsibilities
- Own and operate the second-line information security risk and compliance program
- Lead the setup and operation of the ISMS aligned with ISO 27001
- Drive compliance efforts with DORA, GDPR, AI Act and other relevant regulations
- Review and challenge first-line teams on IT security practices, policies and controls
- Define and maintain the IT risk management framework using best practices (e.g., ISO 27005, NIST)
- Maintain IT compliance documentation, policies and processes
- Schedule, manage and support internal and external audits
- Review new tools and vendors and assist in software approval and due diligence
- Track incidents, non-conformities and risks and follow up with remediation plans
- Act as an internal advisor on security and compliance best practices
Benefits
- Bonus scheme
- Shares incentive plan
- 25 paid holidays per year
- Equipment provided (MacBook, Windows, standing desks)
- Flexible working hours
- Possible partial remote work
- Monthly team drinks
- Yearly company off-sites