We are seeking a highly skilled Information Security Officer to lead our organization’s security strategy, governance framework, and risk management initiatives. The ISO will ensure the protection of information assets, maintain compliance with regulatory requirements, and build a strong security culture across the company.

Role Responsibilities

Information Security Governance

• Establish and maintain the organization’s information security governance framework.

• Develop and maintain an information security strategy aligned with organizational goals and regulatory provisions (DORA).

• Prepare business cases supporting security investments.

• Identify internal/external factors affecting the security strategy.

• Define and monitor security metrics (KPIs, KRIs, KGIs).

• Develop and maintain security policies, standards, procedures, and guidelines.

• Report on security performance metrics to senior management and the Board of Directors.

Information Risk Management & Compliance

• Implement an information asset classification framework.

• Conduct risk assessments, vulnerability assessments, and threat analyses.

• Identify risk gaps and propose risk treatment options.

• Develop and implement security controls.

• Monitor changes in the risk landscape and report risks.

• Support compliance with legal, regulatory, and internal requirements.

Information Security Program Development & Management

• Establish and manage a holistic information security program.

• Integrate security requirements into third‑party contracts.

• Define and manage internal/external resources supporting security.

• Maintain security documentation (standards, procedures, guidelines).

• Run security awareness and training initiatives.

• Align program operations with organizational security architecture.

Information Security Incident Management

• Define security incident categories and severity levels.

• Establish processes for detection, investigation, documentation, and response.

• Ensure escalation and notification procedures.

• Conduct post‑incident reviews to enable continuous improvement.

• Integrate incident response with disaster recovery and business continuity.

• Train and equip incident response teams.

Knowledge, Skills & Experience

• Bachelor’s degree in Information Security, Computer Science, or related field.

• Preferred certifications: CISM, CISSP, CRISC, ISO 27001 Lead Implementer/Auditor.

• Proven experience in governance, risk, and incident response.

• Understanding of regulatory requirements and cybersecurity best practices.

• Strong communication and stakeholder management skills.

What We Offer

Our goal is to attract and retain talented professionals and ensure a positive and supportive work environment. We offer:

• The opportunity to work in a leading insurance company with strong positioning in the local market

• A competitive compensation package aligned with qualifications and experience

• Hybrid working model

• Health insurance plan for the employee and eligible family members

• Continuous training and professional development opportunities

• Nursery / childcare allowance

• Preferential rates on Eurolife FFH insurance products