Home

Join our dynamic Information Security GRC team to play a crucial role in strengthening our business operations. As a key member, you'll enforce our Information Security Framework, conduct internal risk assessments, and collaborate your line manager to define assessment scopes. Your responsibilities will include: review internal systems, processes, and procedures, record risks, and prepare insightful reports. Additionally, you'll contribute to Information Security projects, ensuring state-of-the-art solutions in line with regulatory requirements and best practices. This is an opportunity to make a significant impact in a forward-thinking environment, safeguarding our business while driving innovation in Information Security. Join us for a fulfilling journey!
 

The main responsibilities of the position include:

• Plan and execute technical and targeted risk assessments in IT infrastructure, applications, technologies, and third parties
• Assess internal controls, processes, and policies related to Information Technology and Security, identify deficiencies, and develop remediation strategies
• Perform risk analysis on current risks and identify potential risks at operational, tactical, and strategic level
• Perform risk evaluation on previously handled risks and compare mitigation approaches to potential risks
• Maintain the risk register and the Information Security Risk Management Program
• Identify information security risks and make recommendations that are appropriate, practical, and cost-effective
• Manage and monitor the progress of remediation steps on risk assessment findings
• Prepare comprehensive reports summarising the actions taken for to remediate identified risks
• Provide regular reports and metrics on the security posture of the company
• Act as the escalation point of the information security department for any information security related risks

• BSc/MSc in Information Security or any other relevant degree
• At least 3 years of work experience in information security risk management and information security risk assessment
• Technical knowledge of operations, physical, network, host and application security, as well as security architecture, virtualisation, and cloud infrastructures
• Good understanding of security regulations and frameworks, such as ISO 27005, ISO 27001, NIST CSF and 800-53, DORA, GDPR, etc
• Risk-related certifications, such as CRISC, CGRC, and CISSP, are a plus
• Ability to work autonomously with minimum supervision and to integrate well within a team
• Ability to articulate security risks and communicate effectively to various levels of management
• Self-motivated, proactive, and efficient
• Ability to work under pressure in a fast paced environment
• Strong interpersonal, organisational, and project management skills
• Excellent communication skills with the ability to explain technical concepts to a non-technical audience.
• Excellent written and verbal skills in English

Benefit from:

• Attractive remuneration package
• Private health insurance
• Corporate pension fund
• Intellectually stimulating work environment
• Continuous personal development and international training opportunities