Full-Time Information Security and Compliance Officer

Information Security and Compliance Officer

Maintain effective risk management through the Information Security Management System (ISMS) and ensure ongoing certification.

Maintain information security policies, conduct internal audits, provide training, and review information security arrangements.

Work with the CISO and other team members to expand the existing ISMS and Quality Framework.

Manage and ensure all actions are completed to maintain certification to ISO 27001, ISO 2017, SOC1, SOC2, C5, and ISO 9001.

Liaise closely with SMEs and participate in monthly ISMS committee meetings.

Liaise with related functions (IT, Cloud Operations, R&D, Product Development, senior and middle managers) on information security matters, secure processes, emerging security risks, and controls.

Lead on penetration testing oversight and technical reviews of technologies and solutions across Unit4.

Implement, operate, support, and maintain the ISMS based on ISO/IEC 27000 standards, maintaining certifications against ISO/IEC 27001, 27017, SOC1, SOC2, and expansion as needed.

Participate in preparing and implementing information security policies, standards, procedures, and guidelines, in conjunction with the Security Committee for approvals and feedback.

Support compliance monitoring and improvement activities to ensure compliance with internal policies and regulations, and work with Legal teams to ensure compliance with applicable laws.

Support departments and manage projects for ISMS implementation.

Support information security awareness, training, and educational activities.

Support information security risk assessments and implement appropriate controls.

Desirable Experience: Working knowledge of EU DORA, EBA, NIS2, C5, and other relevant regulations; experience organizing and conducting internal information security audits; experience maintaining, supporting, and developing an ISMS compliant with ISO standards; experience completing security risk assessments and tracking remediation efforts; broad technical understanding of IT and SDLC; understanding and experience managing penetration testing; good understanding of generic end-to-end business processes; experience working in a fast-paced international company; excellent English communication skills; ability to articulate and simplify security concepts; awareness of cultural differences; ability to work autonomously.

Experience: 5+ years of professional experience in IT or audit-related roles; 2+ years of demonstrable experience with a certified ISMS.

Education: Ideally, a graduate-level bachelor's degree in computer science or a security-related subject.

Certifications: CISSP, CISA, CISM, CRISC (valued but not essential).

Benefits: A culture built on trust, uncapped time off policy, remote working, global wellbeing days, talented colleagues, role models, and mentors, commitment to sustainability (Act4Good program), and a safe and inclusive working environment.

What is the last date for applying to the job?

Which countries are accepted for this remote job?