Information Security and Compliance Officer Lisboa

Information Security and Compliance Officer
Lisboa
Lisboa, Lisboa, Portugal

Social network you want to login/join with:

Information Security and Compliance Officer, Lisbon

Client:

Unit4

Location:

Lisbon, Portugal

Job Category:

Other

EU work permit required:

Yes

Job Reference:

563e9122b35d

Job Views:

4

Posted:

10. 02. 2025

Expiry Date:

27. 03. 2025

Job Description:

The purpose of the Information Security and Compliance Officer is to maintain effective risk management through the Information Security Management System and ensure ongoing certification by maintaining information security policies, conducting internal audits, providing training and reviewing information security arrangements.

The Information Security and Compliance Officer will work with the CISO and other team members in expanding the existing ISMS and Quality Framework. The role holder will participate in the management of and ensure all actions are completed to maintain certification to ISO 27001 / ISO2017 / SOC1 / SOC2 / C5 and also ISO9001. The role holder will liaise closely with SMEs who are globally geographically spread and participate in the monthly ISMS committee meetings.

Job Responsibilities:

1. Liaison with related functions (particularly IT, Cloud Operations, R&D, Product Development) plus senior and middle managers throughout the organization as necessary, on information security matters such as secure processes, emerging security risks and controls.
2. Lead on Penetration Testing oversight and technical reviews of various technologies and solutions across Unit4.
3. Participate in the implementation, operation, support and maintenance of the Information Security Management System based on the ISO/IEC 27000 series standards, including maintaining our certifications against ISO/IEC 27001, 27017, SOC1 and SOC2 as well as expansion as needed.
4. Participate in the preparation and the implementation of necessary information security policies, standards, procedures and guidelines, in conjunction with the Security Committee to get appropriate approvals and feedback.
5. Support the operation of related compliance monitoring and improvement activities to ensure compliance with both internal security policies and working with the Legal teams to ensure that applicable laws and regulations are met.
6. Support departments and help manage projects for implementation of information security management system.
7. Support information security awareness, training and educational activities.
8. Support information security risk assessments and implement appropriate controls.

Desirable Experience:

1. Working knowledge of the Information Security elements of EU DORA, EBA, NIS2, C5 and other relevant regulations to a global Saa
   S company.
2. Experience of organizing and carrying out Internal Information Security Audits with the primary aim of identifying Information Security Risks.
3. Maintenance, support and development of an ISMS which is compliant with ISO 27001 / ISO2017 / SOC1 / SOC2 / C5.
4. Experienced in completing security risk assessments and tracking remediation efforts.
5. Broad technical understanding of Information Technology and SDLC with sufficient knowledge to be able to audit processes and procedures and work with technical personnel.
6. Understanding and experience managing / overseeing the Penetration Testing process with technical stakeholders and Penetration Testing companies.
7. Good understanding of generic end to end business processes (ideally for a Saa
   S company).
8. Experience of working in a
   - paced international company.
9. Fantastic English speaking communication skills: ability to articulate & simplify security concepts.
10. Good awareness of handling cultural differences when working with international colleagues.
11. Must be able to work autonomously to ensure that role requirements are met.
12. Experience of ISO9001 Quality standard is also desirable.

Qualifications:

Mandatory:

1. 5+ years of professional experience in IT or audit related roles.

Desirable:

1. 2+ years demonstrable experience of a certified ISMS.
2. Ideally Graduate Level with a Bachelor in a computer science or security related subject.
3. CISSP / CISA / CISM / CRISC etc. certifications are valued – but not essential.

Additional Information:

Join Unit4 and you’ll be part of one of the most exciting journeys in the cloud software space today. We’re a
- paced and
- growth
- centric cloud player offering a host of benefits & development opportunities for individuals serious about their career!

Interested in our role?

If you are a confident Security Practitioner who can hit the ground running, we would love to hear from you!