Role: Information Security Officer

Location: Vienna or London (Remote)

Role Purpose: The Local Information Security Officer operates within the governance, risk & compliance (GRC) service provided by CISO function through the GRC team. The role acts as the security interface between the CISO's strategic and process-based activities and other critical teams, like Engineering, Machine Learning, Product, Facilities, HR and Legal. The role holder reports into the Director Information Security and they need to positively influence other members of the security team as well as other departments across the company.

Example Responsibilities

• Support the ISMS operation and associated independent security certification activities for SOC2, ISO 27001 and PCI DSS.
• Shape the strategy and direction of our security operating model, helping focus on utilising the right skill sets on the most appropriate subjects.
• Create and manage a unified continuous monitoring model for multiple customer compliance frameworks possibly including new frameworks on a continuous basis as business expands.
• Manage and evolve the GRC platform with the upkeep of information metrics and support all aspects of GRC security for key departments, as their security business partner.
• Support the transition/integration of security models associated with business acquisitions.
• Management of security KPI metrics and reporting strategies
• Delivery high-frequency communications regarding progress on security programs.
• Management of security policies and processes, to ensure operational efficiency, meeting regulatory compliance, and support for regional demands.
• Coordinating the overview of technical control initiatives to meet security policies.
• Gathering, analysing and assessing the current and future threat landscape and providing a realistic overview of (local) risks and threats in the enterprise environment.
• Planning and execution of external and internal audit activities as required.
• Assisting fellow colleagues in understanding and pragmatically responding to security audit findings.
• Support the CISO function to develop budget projections based on (local/regional) tactical and strategic goals and objectives.

Experience and Qualifications

• Recent success in helping create and operate cutting edge (non-traditional) Information Security Management Systems, ideally within high tech businesses.
• Ability to demonstrate contemporary information security concepts, best practices and strategies.
• Expert level of managing SOC 2, and ISO 27001, this is essential; knowledge of PCI DSS would also be beneficial.
• In-depth understanding and hands-on experience of how information security can impact an organisation; you can give examples and explain both positive and negative impacts.
• Comfortable providing high quality updates to various levels and global audiences, including video.
• A bachelor's degree in information systems or equivalent work experience; an M.B.A. or M.S. in information security is preferred.
• Excellent communication skills in English both written and verbal.

Great to have Experience and Qualifications

• CISSP, CISM, or CISA certification
• (Internal) Consulting experience

Key Characteristics and Attitudes – valued by our employees