- Salary 65,000-85,000
- Contract Permanent
- Location Malta
- Reference 33331
Pentasia is currently recruiting an Information Security Manager for a provider of software and technological solutions for the gambling sector. The role will support the development of the data governance framework from a data and information security perspective across the group of companies, and will implement solutions and compliance programs to eliminate any current and future data and information security risks.
The successful candidate will be the subject matter expert in the ICT and Information Security Assurance area and an ambitious self-starter, with a proven track record of Program Management experience, the capability to work independently, strong analytical and organizational skills, and extensive knowledge of UK and/or EU ICT and Information Security best practices and requirements.
The role will work directly with the regional tech teams, IT help desk, network support and legal and compliance functions to drive scalable Information Security solutions across the whole of the Group’s systems and help maintain a “compliant status” in consideration of any applicable regulatory requirements and general commercial practices.
The role entails close collaboration with the legal function and providing advisory support on identifying and implementing the best solutions to ensure compliance with the data protection requirements across the EU, Balkans and the UK from the information security perspective.
Key role responsibilities will include:
- Perform analysis of existing and proposed IT systems to identify information security risks. Proactively identify critical points and opportunities for continual secure process simplification, create program efficiencies and systems improvement opportunities.
- Lead the design, development, implementation, and execution of compliance assurance testing, including in close collaboration with the product development team(s).
- Create clear compliance requirements for the Group on the basis of the existing systems, product range and planned business initiatives. Develop, maintain and continuously improve comprehensive, high quality & up-to-date Information Security program & associated policies and documentation, including security incidents management and response, access control and data breach notification(s) processes.
- Be a custodian of the data and usage risks when liaising with internal teams to help drive tools and process improvements that affect secure management workflows.
- Act as an owner of Information Security practices within the Group, ensuring compliance requirements are implemented and followed by all the teams.
- Provide Senior Management with adequate visibility of the entities’ Information Security risk exposure and remedial measures (where required). Review and assess the efficiency of the associated budgets.
- Provide advisory support to the legal function on implementation of data protection requirements from an information security governance perspective; plan and implement best practice solutions and support ongoing Group-wide data protection compliance practices and initiatives.
- Ensure the Group’s Information Security Policy is adhered to at all times and periodically conduct internal audits & reviews on controls & processes, including mandatory audits for the regulated businesses within the Group. Support the legal function on audit(s) from and/or response(s) to the regulators where/as required on an ongoing and/or ad hoc basis, assess regulators’ recommendations or requirements and implement the best outcome-focused remedial solutions.
- Maintain up-to-date knowledge and solid understanding of relevant UK/EU information security standards and regulations. Educate staff on information security policies, processes and procedures.
- Ultimately be accountable for the inventory and safeguarding of all information and data assets.
- 5+ years of experience in ICT and Information Security Assurance within fintech/payments, e-commerce or gambling companies within the second line assurance function in the UK and/or the EU. PMP/Prince certification required. ITIL and/or relevant industry certifications (CISSP, CISA etc.) will be strongly preferred.
- Prior experience in working with the engineering and product team(s). Demonstrable Project Management/Program Management experience.
- Operational knowledge of the Information Security Risk Management, Business Continuity Management, Cloud Computing, IT Outsourcing. Prior knowledge of and fluency with the information security expectations within the regulated industry in the UK and/or the EU, including relevant outsourcing regulations and GDPR and UK DP requirements. Practical experience in managing the implementation of Level 1 PCI DSS compliance requirements and/or achieving ISO certified status will be a distinct advantage.
- The successful candidate should have strong business and communication skills, able to influence senior stakeholders via data-driven and actionable insights with experience in advising, supervising, interpreting and communicating complex ICT and Information Security Regulations to a diverse audience.
- Ability to work with ambiguity, flexibility, and a can-do, problem-solving attitude. Passion for achieving the best results through collaboration with multiple stakeholders.
- Competitive salary (based on experience);
- Team building activities;
- A fully paid daily meal with a beverage when working in the office;
- Encouragement of innovation and support in personal and professional growth.
- Pension scheme, Private medical and dental insurance after probation
- Free parking
You can apply for the Information Security Manager role at Pentasia.