Information Security Risk Officer
Limassol / Nicosia / Athens / Thessaloniki
Engineering – Information Security /
Full-time /
Hybrid
Information Security Risk Officer
The role:
Join our dynamic Information Security GRC team to play a crucial role in strengthening our business operations. As a key member, you'll enforce our Information Security Framework, conduct internal risk assessments, and collaborate your line manager to define assessment scopes. Your responsibilities will include: review internal systems, processes, and procedures, record risks, and prepare insightful reports. Additionally, you'll contribute to Information Security projects, ensuring state-of-the-art solutions in line with regulatory requirements and best practices. This is an opportunity to make a significant impact in a forward-thinking environment, safeguarding our business while driving innovation in Information Security. Join us for a fulfilling journey!
The main responsibilities of the position include:
- Plan and execute technical and targeted risk assessments in IT infrastructure, applications, technologies, and third parties
- Assess internal controls, processes, and policies related to Information Technology and Security, identify deficiencies, and develop remediation strategies
- Perform risk analysis on current risks and identify potential risks at operational, tactical, and strategic level
- Perform risk evaluation on previously handled risks and compare mitigation approaches to potential risks
- Maintain the risk register and the Information Security Risk Management Program
- Identify information security risks and make recommendations that are appropriate, practical, and cost-effective
- Manage and monitor the progress of remediation steps on risk assessment findings
- Prepare comprehensive reports summarising the actions taken for to remediate identified risks
- Provide regular reports and metrics on the security posture of the company
- Act as the escalation point of the information security department for any information security related risks
Main requirements:
- BSc/MSc in Information Security or any other relevant degree
- At least 3 years of work experience in information security risk management and information security risk assessment
- Technical knowledge of operations, physical, network, host and application security, as well as security architecture, virtualisation, and cloud infrastructures
- Good understanding of security regulations and frameworks, such as ISO 27005, ISO 27001, NIST CSF and 800-53, DORA, GDPR, etc
- Risk-related certifications, such as CRISC, CGRC, and CISSP, are a plus
- Ability to work autonomously with minimum supervision and to integrate well within a team
- Ability to articulate security risks and communicate effectively to various levels of management
- Self-motivated, proactive, and efficient
- Ability to work under pressure in a fast paced environment
- Strong interpersonal, organisational, and project management skills
- Excellent communication skills with the ability to explain technical concepts to a non-technical audience.
- Excellent written and verbal skills in English
Benefit from:
- Attractive remuneration package
- Private health insurance
- Corporate pension fund
- Intellectually stimulating work environment
- Continuous personal development and international training opportunities
The Hiring Experience: What Awaits You
- Let’s Connect – Intro Chat with Talent Acquisition
- Deep Dive – First Interview with Your Future Team
- Final Connection – Final Interview
All applications will be treated with strict confidentiality!
We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, or assessing responses. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans. If you would like more information about how your data is processed, please contact us.
