XM

Information Security Risk Officer

Limassol, Cyprus
February 6, 2024
Application ends: July 18, 2024

Job Description

Information Security Risk Officer – Cyprus

The Role:

Join our dynamic Information Security GRC team to play a crucial role in strengthening our business operations. As a key member, you’ll enforce our Information Security Framework, conduct internal risk assessments, and collaborate with the CISO to define assessment scopes. Your responsibilities will include reviewing internal systems, processes, and procedures, recording risks, and preparing insightful reports. Additionally, you’ll contribute to Information Security projects, ensuring state-of-the-art solutions in line with regulatory requirements and best practices. This is an opportunity to make a significant impact in a forward-thinking environment, safeguarding our business while driving innovation in Information Security. Join us for a fulfilling journey!

Main Responsibilities:

  • Plan and execute technical and targeted risk assessments in IT infrastructure, applications, technologies, and third parties.
  • Assess internal controls, processes, and policies related to Information Technology and Security, identify deficiencies, and develop remediation strategies.
  • Perform risk analysis on current risks and identify potential risks at operational, tactical, and strategic levels.
  • Evaluate previously handled risks and compare mitigation approaches to potential risks.
  • Maintain the risk register and the Information Security Risk Management Program.
  • Identify information security risks and make recommendations that are appropriate, practical, and cost-effective.
  • Manage and monitor the progress of remediation steps on risk assessment findings.
  • Prepare comprehensive reports summarizing actions taken to remediate identified risks.
  • Provide regular reports and metrics on the security posture of the company to the CISO.
  • Act as the escalation point for any information security-related risks within the information security department.

Main Requirements:

  • BSc/MSc in Information Security or a relevant degree.
  • At least 3 years of experience in information security risk management and risk assessment.
  • Technical knowledge of operations, physical, network, host, and application security, as well as security architecture, virtualization, and cloud infrastructures.
  • Good understanding of security regulations and frameworks, such as ISO 27001, ISO 27005, NIST CSF and 800-30, GDPR, etc.
  • Certifications such as CRISC, CGRC, and CISSP are a plus.
  • Ability to work autonomously with minimal supervision and integrate well within a team.
  • Ability to articulate security risks and communicate effectively to various levels of management.
  • Self-motivated, proactive, and efficient.
  • Ability to work under pressure in a fast-paced environment.
  • Strong interpersonal, organizational, and project management skills.
  • Excellent communication skills, with the ability to explain technical concepts to a non-technical audience.
  • Excellent written and verbal skills in English.

Benefits:

  • Attractive remuneration package, plus performance-related rewards.
  • Private health insurance.
  • Corporate pension fund.
  • An intellectually stimulating work environment.
  • Continuous personal development and international training opportunities.

Type of Employment:

  • Full-time

Location:

  • Limassol or Nicosia