Senior Information Security Officer
Duties & Responsibilities:
- Establish, document, and distribute security incident responses and escalation.
- Monitor and analyze security alerts and instruct relevant teams to solve the issue.
- Identify risks and advise on how to mitigate risks.
- Periodically review administration of user accounts including additions, deletions, and modifications.
- Review and monitor all access to data.
- Ensure continuous control of compliance is achieved. Steer and compel if compliance is not met.
- Assess all information security based on strategic goals.
- Advise how to improve our security framework.
- Function as an internal consulting resource on information security.
- Facilitate external third-party security audit reports (e.g. ISAE 3402 Type II, SOC 2, ISO/IEC 27001, HIPAA) and guide all applicable audits.
- Function as an internal auditor on the security framework within Mendix.
- Act as a security point of contact and share knowledge within the team or unit.
- High level of initiative and self-direction.
- 3-5 years of experience in a position with significant information security responsibilities.
- An independent and active information security certification is required; a certification such as CISM or CISSP is preferred.
- IT related Bachelor’s or Master’s degree or relevant experience in this field.
- Experience with industry compliance and security standards and regulations including PCI DSS, ISO/IEC 27001, HIPAA, GDPR and SOC 2.
- Excellent communicator in English.
- Have excellent communication and interpersonal skills.
- Technical knowledge preferred.
- Experience with Governance, Risk and Compliance tooling is a plus.