Key Responsibilities
ISO 27001 Compliance
- Maintain, update, and continually improve the organization's Information Security Management System (ISMS).
- Conduct regular internal audits to verify compliance with ISO 27001 controls.
- Coordinate external certification and surveillance audits, including preparation of audit evidence.
- Develop and enforce information security policies, procedures, and control documentation.
- Perform risk assessments, identify vulnerabilities, and track remediation activities.
- Manage asset inventories, access control reviews, incident response testing, and business continuity activities as required by ISO 27001.
GDPR Compliance
- Ensure data processing activities align with GDPR principles and maintain appropriate documentation (RoPA, DPIAs, etc.).
- Support responses to data subject access requests (DSARs), privacy inquiries, and notices.
- Monitor data handling practices across the organization, ensuring lawful processing, retention, and deletion of personal data.
- Conduct Data Protection Impact Assessments (DPIAs) for new systems, projects, or vendors.
- Assist with data breach investigations, reporting, and notifications where required.
General Security Responsibilities
- Monitor security alerts, analyze threats, and coordinate responses with IT and engineering teams.
- Lead proactive security awareness training and phishing simulations for staff.
- Oversee vendor security assessments and ensure supplier compliance with contractual and regulatory requirements.
- Collaborate with development teams to ensure secure software development practices.
- Maintain incident response procedures and participate in incident handling activities.
- Prepare regular security reports and metrics for leadership and stakeholders.
Skills & Qualifications
- Experience in information security, IT governance, or compliance roles within a technology-driven organization.
- Excellent English speaker (B2 level).
- Strong understanding of ISO 27001, GDPR, and related security standards/frameworks.
- Knowledge of security best practices, data protection principles, and risk management methodologies.
- Excellent analytical, communication, and documentation skills.