Job Description:
Our client is a company that is expanding greatly in the energy market and is one of the largest methanol producers in the world. They work on EPC projects in various parts of the world.
Responsibilities:
Governance
Create, update, and distribute Information Security policies to adapt to business and regulatory changes.
Assist with regular updates on the status of security controls and measures.
Help with the documentation and communication of security controls, including their functionality and enhancement.
Assess training needs and aid in developing information security training materials and resources.
Conduct regular information security awareness and training sessions for both internal and external stakeholders.
Contribute to our client's information security communication strategy by providing updates and announcements through established communication channels (e.g., intranet, newsletters).
Assist in designing, implementing, operating, and maintaining the Information Security Management System (ISMS).
Aid stakeholders in identifying, understanding, and addressing regulatory requirements and obligations (e.g., Privacy GDPR, Resilience NIS2, Data Protection).
Contribute to creating and implementing the Information Security Business Continuity Plan.
Risk Management
Help improve the Risk Management Process.
Maintain the risk register/evaluation and conduct regular risk assessment sessions.
Support the design and implementation of operational and administrative security controls.
Conduct security and risk assessments for new projects and assist business teams in applying treatment measures.
Support and assist stakeholders with risk-related topics and inquiries.
Compliance
Assist in managing information security requirements for existing security/IT solutions.
Support internal and external audit processes for ISO 27001, including interactions with auditors and certifying entities, scheduling audits, and maintaining related ISMS records.
Plan and organize internal policy compliance audits and technical compliance audits according to the organization's information security framework.
Aid in coordinating and following up on the execution of risk treatment plans.
Required Skills and Experience:
Degree in Computer Science or a related technology field, or at least 3-5 years of experience in an information security role.
Strong knowledge of various information security frameworks (e.g., ISO/IEC 2700x, NIST CSF).
Excellent interpersonal and analytical skills, with the ability to influence others in an advisory capacity.
Capability to educate and engage non-technical audiences on information security matters.
Robust understanding of current data protection, privacy, and other information security regulations (e.g., GDPR, NIS2, DORA).
Outstanding English communication skills, both verbal and written.
Optional
Information Security Certifications are advantageous (e.g., ISO 27001 Lead Implementer, CRISC, CISA, CISSP).
Experience in non-information security areas (e.g., Finance, Human Resources, Marketing) will also be considered.