Security Officer - Role Description

The Information Security Officer is responsible for delivering the security strategy objectives within the company and further enhance a security system that targets and addresses security and privacy risks and security requirements.

Responsibilities of this role include:

  • Work with the CEO and other ISMS/QMS team members to build on a strategic information security management system that address the security risks, ensures integrity, confidentiality and availability of the information owned and controlled within the company.
  • Initiate and promote activities to foster the information security awareness within the company.
  • Responsible for the system access in conformity with the ISMS standards and compliance requirements.
  • Manage security incidents which may result in privacy breaches.
  • Responsible for information security risk assessment, mitigation, and remediation, as part of the security risk management plan.
  • Review and adjust security policies and procedure.
  • Lead the preparation of information security audits, together with other ISMS team members.
  • Together with other ISMS team members advise on security related issues to all the members of the company.

Competencies of this role include:

  • Demonstrated experience representing an organization’s information security program.
  • Ability to exercise good judgment.
  • Experience implementing cloud security technologies, including encryption, network security, intrusion detection, cloud monitoring, and digital forensics.
  • Outstanding surveillance and observation skills.
  • Good communication skills with an ability to build strong narratives to highlight the importance of security to employees internally and customers/shareholders externally, including both technical and non-technical audiences.

Security

Company holding (or in process of obtaining) an ISO27001 certificate, meaning that all team members will need to comply to set Information Security Management System (ISMS) rules and procedures. These rules will be communicated during onboarding and can be subject to change. Yearly, a Security Awareness training is organized for all team members and changes will be internally communicated when needed.