Information Security Officer

V-IT
Brussels, Belgium
8 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English

Tech stack

Software System Penetration Testing
Configuration Management
Computer Security
Disaster Recovery
Information Security Management System
Software Version Control

Job description

  1. ISMS Governance & Documentation
  • Develop, maintain, and improve ISMS documentation, including policies, procedures, and operational processes.
  • Focus on Risk Acceptance Forms (RAF), non-conformity management, and configuration management processes.
  • Ensure version control, consistency, and accessibility of all ISMS documentation.
  • Support policy and procedure updates in response to regulatory, technological, or organizational changes.
  2. Risk Management
  • Maintain and monitor the risk register, follow up on accepted risks and RAFs, and track changes in threats and vulnerabilities.
  • Update risk assessments following security incidents, audits, or significant changes.
  • Track risk treatment plans from penetration tests, security assessments, and compliance reviews, ensuring timely implementation.
  3. Compliance & Audits
  • Analyze audit results and risk treatment plans, reporting findings to the CISO and stakeholders.
  • Prepare and support internal audits in collaboration with the CISO.
  • Follow up on non-conformities and coordinate corrective actions.
  4. Security Controls Monitoring
  • Monitor access controls and user permissions, initiate and follow up on access recertification campaigns.
  • Verify backup integrity and assess disaster recovery and business continuity readiness.
  5. Incident Management
  • Support the handling of information security incidents.
  • Collaborate with SOC analysts and operational teams during incident response.
  • Document lessons learned from incidents for risk management and ISMS improvement.
  6. Awareness & Training
  • Support the organization, follow-up, and reporting of information security awareness activities.
  • Track completion of mandatory security training in coordination with HR.
  7. Continuous Improvement
  • Monitor and analyze security KPIs and metrics.
  • Prepare ISMS management review meetings and present outcomes to the CISO and stakeholders.
  • Contribute to the continuous improvement of the information security framework.

Additional Responsibilities:

  • Depending on knowledge and availability, support other activities within the Security team.
  • May take on a Business Information Security Officer (BISO) role, supporting business departments, defining security requirements, and managing information security risks in line with the Security by Design principle.

Requirements

  • Strong hands-on experience in maintaining and operating an ISMS in accordance with ISO/IEC 27001.
  • Proficiency in risk management, compliance, and audit processes.
  • Excellent documentation and communication skills.
  • Ability to work collaboratively with various teams and stakeholders.

Desired Skills:

  • Experience in security controls monitoring and incident management.
  • Familiarity with information security awareness and training programs.
  • Strong analytical skills and attention to detail.
