Single Job

You will contribute to the implementation and maintenance of the organisation's information security program, to ensure that people and information assets are adequately protected. You will also be responsible for assessing and assuring the information security of third-party suppliers and ensuring compliance with the company’s security standards.
 

The main responsibilities of the position include:

• Identifying and addressing security violations and inefficiencies with systems and applications
• Conduct due diligence of third-party service providers’ security controls, posture and products, and ensure compliance with Company policies and security posture
• Perform security assessments on third-party software and service provides such as cloud services, technology vendors, or any other services outsources to a 3rd party to identify potential risk
• Monitoring and seeking assurance on the level of compliance of third-party service providers to ensure the secure supply chains of information systems, identify any information security risks, and improve their information security standards and controls
• Work with Legal to ensure third party contracts and service agreements contain adequate information security contractual provisions to protect information and information processing services
• Make recommendations for improving controls and practices to reduce risks related to information security
• Initiating and promoting activities to foster information security awareness within the company

Main requirements:

• BSc/MSc in Information Security or any other related field
• Minimum 1-2 years' experience in information security or a similar role
• Experience in Information Security Governance and demonstrated ability to develop policies and procedures
• Skilled across various areas of Information Security such as operations, physical, network, system and application security
• Possess knowledge and understanding of common security frameworks and standards, such as: ISO27001, NIST CSF, NIST 800-53 etc
• CompTIA Security+, ISC2 CC, EC-Council CEH – or a relevant certification in matters of cybersecurity and/or ICT will be considered an advantage
• Familiar with the European General Data Protection Regulation (GDPR) and Digital Operational Resilience Act (DORA) Regulation
• Strong interpersonal, organizational and team working skills
• Excellent written and oral communication skills, in both English and Greek language
• Ability to work as part of a team

Benefit from:

• Attractive remuneration package plus performance related reward
• Private health insurance
• Corporate pension fund
• Intellectually stimulating work environment
• Continuous personal development and international training opportunities