RecruitGibraltar are currently helping our client who is a long established and reputable gaming company who offer long term career growth, excellent salary, relocation assistance, and a rewarding working environment where you can make a real impact. They are looking for an experienced Information Security Officer to lead its governance and risk management programme to ensure the organisation adheres to compliance standards and internal policies. You will be responsible for developing and implementing an information security program, which includes controls designed to protect enterprise communications, systems and assets from both internal and external threats.
What is the plan for the Information Security Officer role?
Reporting to the Director of Compliance you will be responsible for the day-to-day operation of the company management system incl. the development, review, monitoring and enforcement of policies, processes and working practises across all aspects and levels of the business, as well as providing guidance on compliance matters. You will also focus on proactively improving the cybersecurity posture. In this role you will also collaborate with internal stakeholders with aim to increase cybersecurity awareness and reduce information security risks.
What will you do as a Information Security Officer?
Develop and oversee control systems including developing and maintaining information security policies and procedures, SOPs, and GDPR related documentation.
Production and ongoing development of a detailed roadmap to maintain and continuously improve the secure environment.
Evaluate the efficiency of controls and improve them continuously.
Monitor, assess and evaluate risks.
Carry out and respond to Security Incident Management and Response, establishing appropriate standards and controls, managing security technologies, and directing the establishment and implementation of policies and procedures.
Collaborate with business departments to monitor the enforcement of standards and regulations.
Assess the businesss future ventures to identify possible compliance risks
Review the work of colleagues when necessary to identify compliance issues and provide advice or training
Work with External Consultants as appropriate on required security assessments and audits with follow-up of issues identified through external assessments.
Keep abreast of regulatory developments within or outside of the company as well as evolving best practices in compliance control
Assist with implementation of regulatory security compliance projects.
Assist in the design of the security architecture of the systems and the security requirements.
Prepare reports for senior management and external bodies as appropriate
Periodically perform assessment and security compliance checks, including network penetration testing, and vulnerability scans.
Deliver information security training, awareness, and guidance to employees to raise security awareness and improve security performance.
Be on call to support the organisation with security incident response outside office hours.
What do you know that makes you a great Information Security Officer?
Have at least 3 years of experience in Information Security, including handling information security incidents and events, investigation and response
Proven experience in an information security role (including experience in penetration test and security audits).
Have experience with Endpoint protection solutions, Intrusion Detection and Intrusion Prevention Systems, Firewalls, Active Directory, Vulnerability Assessment tools, Security Information Event Management tools, and application security and vulnerability management.
Strong interpersonal skills, with the ability to communicate, influence and negotiate with senior stakeholders to obtain or leverage necessary resources.
The ability to deliver difficult messages and resolve issues to achieve results, whilst maintaining strong stakeholder engagement.
In depth technical level of understanding of infrastructure operations and software engineering, showing a strong understanding of relevant subject matter.
A deep understanding of vulnerability management and associated monitoring solutions and practices.
Experience of formal security risk assessment methodologies.
Information Security Professional CISSP, CISA, CISM
Technical Security Professional - OCSP / CEH certification
Good knowledge of OWASP
Good knowledge of information security incl. ISO 27001
Salary based on experience with bonus & an excellent relocation and benefits package.