Information Security Specialist ISO in Constanţa

ISO (advanced) Summary:This position plays a crucial role in developing and maintaining strategic information security plans and risk management across the organization. As a member of the GRC (Governance, Risk, Compliance) team, you will work with key stakeholders across the business, including C-suite, department representatives and our customers and suppliers. This is not a behind-the-scenes role; we are looking for someone who will help lead the implementation of an information security program and have a significant impact on setting the security strategy across the business.  Responsibilities:Contribute to the development of security assessments and training programs to improve risk culture (e.g. third-party security risk assessments, service/cloud assessments, security awareness and end-user training)Work towards minimising Shadow IT by ensuring measurement and evaluation of user adoption for global information protection measures and that any new requirements for such measures are met through collaboration with relevant functions and business unitsPlan, develop and maintain an ISMS (Information Security Management System)Work towards and guarantee continued compliance with ISO27001 standardsSupport our legal and sales teams in responding to information security requests from prospective customers and information security aspects during contract negotiationsMonitor threat landscape, key risk indicators and critical controls to ensure that changes in the risk picture are captured and reported timelyProvide risk metrics and performance data to support the central reporting of overall cyber risk postureSupport the development of information assets inventory and vulnerability management program to ensure the assets and related threats are identified and remediatedWrite and assist in the review and approval of security-related documentation and support execution/follow-up of IT auditsCollaborate with the IT team on the DLP rule development lifecycle, including policy development, response rules, and maintenanceRequired Qualifications:Minimum 3 years of security-related work experienceExperience in technology risk management with practical knowledge in designing, implementing, and testing controls in an international, fast-paced organization In-depth familiarity with the ISO 27001:2013 and SOC2 standardsAbility to maintain an Information Security Management System and oversee Security Awareness ProgramsExperience in conducting on-site audits and managing the entire lifecycle for risk treatment and corrective action plansExcellent English verbal and written communication skills Proactive, independent, and pragmatic team player with a high level of commitment and performance orientationPreferred Qualifications:Formal information security certifications or qualifications (e.g. BSc or MSc in Information Security, CISSP, CISM, CRISC, ISO27001 Lead Implementer/Auditor)Knowledge of international compliance laws, rules, regulations, and risksUnderstanding of cloud-native and CI/CD environments; with the corresponding IAM and DLP solutionsExperience managing multiple objectives, schedules, and deliverablesEmployment Type: B2BEmployee stock optionsPaid days to balance your work and life in a way that suits you bestLocation: Fully remote forever (with a possibility to work from a co-working office)Career growth: Promotion and great development opportunities within the organization