Information Security Officer (Compliance Assurance)
Wrocław, Lower Silesian Voivodeship, Poland
Spyrosoft S.A.
3. 11. 2024
Job details
About the project:
The Information Security Officer (Compliance Assurance) is responsible for maintaining and enhancing the organization's information security compliance framework. The role is part of the independent Quality and Compliance department and reports directly to the Head of Quality and Compliance. The assignment includes ensuring adherence to ISO/IEC 27001, TISAX, GDPR, NIS2, and other applicable regulations and standards. In addition to internal compliance, the role involves client-facing activities: providing consultancy on compliance and security matters and conducting client-specific environment assessments to strengthen the security posture of client networks and systems. This person will work cross-functionally across departments and with clients to develop, implement, and monitor policies and procedures that uphold the organization's security posture and compliance status.
Responsibilities:
Conduct internal ISO/IEC 27001 audits, prepare for external audits, and maintain ISO/IEC 27001 certification.
Support the maintenance of the Spyrosoft Integrated Management System to ensure compliance with the implemented standards and regulations.
Identify, analyze, and document compliance gaps, proposing and overseeing remediation efforts.
Draft, review, and update security policies, standards, and procedures to reflect changes in regulatory requirements and best practices.
Participate in process reviews and improvement initiatives.
Prepare and present detailed reports on compliance status, audit findings, and mitigation progress for both internal and client environments.
Provide consultancy to clients on compliance with security standards and regulations.
Conduct security assessments within the client's environment to evaluate compliance and security controls, providing actionable recommendations for improvement.
Serve as a trusted advisor to clients, responding to queries and supporting their compliance journey.
Requirements:
3+ years of experience in information security, compliance, or risk management roles, preferably in the IT industry.
In-depth knowledge of ISO/IEC 27001 and InfoSec-related regulations (GDPR, NIS2, CRA).
Proven experience in conducting full-scope ISO/IEC 27001 audits and maintaining an ISMS (controls assessment, nonconformity and corrective action management, facilitation of improvement actions).
Strong knowledge of GDPR requirements and best practices for data protection.
Familiarity with the NIS2 Directive.
Familiarity with and understanding of security tools such as firewalls, WAFs, EDR, SIEM, IDS/IPS, DLP, and vulnerability scanners.
Familiarity and experience with TISAX would be an advantage.
Familiarity and experience with other ISO-based management systems would be an advantage.
Fluent English.
Strong analytical skills, with a keen eye for detail and a proactive approach to problem-solving.
Excellent communication skills, with the ability to clearly explain complex compliance requirements to technical and non-technical stakeholders.
Can-do attitude and willingness to learn.
Ability to work independently and manage assignments across multiple contexts.
Strong ethical standards and commitment to maintaining the confidentiality and integrity of sensitive information.
What we offer:
Work from home or the office - Depending on the position, you can work remotely, from the office or in a hybrid model.
Top-of-the-line equipment - We provide the equipment that best suits your needs and the requirements of your role.
Training budget - Use your personal training budget to gain new skills and knowledge.
Internal initiatives - Take part in our knowledge-sharing meetups, organised by and for tech enthusiasts.
Private health insurance - Keep your health in check with easy access to medical professionals.
Sports card - Keep your body in shape with access to multiple gyms, swimming pools and sports classes.
Benefits:
Sharing the costs of sports activities
Private medical care
Sharing the costs of foreign language classes
Sharing the costs of professional training and courses