Information Security Officer

Berlin or Remote Germany
SR&C / Full-time / Hybrid
The Information Security Manager will be the subject matter expert in all aspects of information security and cyber security in the UK and Germany. They will take the lead role in ensuring compliance with the Information Security standards ISO 27001 and PCI DSS, and in managing the continued development, implementation, monitoring and control of information and data governance.

The role requires a hands-on manager who has direct experience in understanding ISO 27001, PCI DSS and personally identifiable information (PII) in a cloud environment. Experience is also required in working with business and technology teams on how to manage and secure information assets. The role includes the implementation of the Digital Operational Resilience Act (DORA). Ideally, the candidate will also take on the position of data protection officer (DPO). 

What you'll do on a day-to-day basis

    • Manage the design, delivery and development of the Information Security Management System and Cyber Security Programme to ensure it comprehensively meets current business needs and evolves to provide clear added value 
    • Develop and continually evolve Token’s Information Security strategy and Cyber security strategy and ensure that there is quantifiable progress in applying
    • Own, review and contribute to information security policies and associated procedures and standards
    • Develop the operational processes and controls, and assess their effectiveness in mitigating Information Security and Cyber Security risks faced by Token
    • Monitor and enforce the information security policies and technologies for all Token business processes, systems and infrastructure
    • Support the business with the creation and maintenance of data protection registers to monitor and track data sharing arrangements, data retention policies, breach notification, ICO registrations and effective asset management and disposal.  
    • Lead the development of the security risk management and control systems  
    • Facilitate the remediation of identified vulnerabilities for IT security and IT risk
    • Support data discovery exercises to ensure all personally identifiable information is identified and monitored
    • Conduct regular and ongoing monitoring of and reporting on Token’s compliance with external information security standards, regulations and policies, for example ISO 27001, PCI DSS, Cyber Essentials Plus and DORA.
    • Liaise with the technical teams to ensure data requirements are captured during the Agile development process
    • Liaise with SREs to ensure that sensitive data is stored and monitored appropriately
    • Liaise with 3rd parties that may store sensitive data on behalf of Token, ensuring that the data is stored and monitored appropriately
    • Act as the project manager/lead on IT security for projects, providing subject matter expertise and technical knowledge in the areas of information security and data protection to Token
    • Support Privacy Impact Assessments on new products/services and complete Data Protection Audits on business functions and key risk areas
    • Promote user education and awareness of applicable regulatory standards, upstream risks and industry best practices
    • Communicate and engage with multiple stakeholders (all the way to senior level) on information security compliance and cyber security controls; and  
    • Proactively monitor changes to relevant legislation/standards, communicating and managing changes as they apply to the business 

Key Performance Indicators

    • Achieving ISO 27001:2017 certification and Cyber Essentials Plus
    • Achievement of deliverables on IT Security
    • Continual Improvement plans as agreed by the Security Committee
    • Ensuring Token’s annual information security and cyber security monthly activity is delivered by all responsible parties 
    • Appropriate security governance procedures are implemented and adhered to
    • Appropriate security technologies as defined in agreed strategies are implemented successfully
    • Mitigate known security risks

What knowledge, skills and experience you need to be successful in this role

    • The role will suit an individual who has a passion to develop their own skills and knowledge in Information Security and Cyber Security compliance
    • A proactive person who is a ‘hands-on’ starter/finisher, is driven, and enjoys responsibility and achieving results
    • A highly organised person, able to manage and prioritise workload, adept at operating effectively within a fast-paced organisation while delivering through influencing and relationships
    • Experience managing security in a cloud-native environment (e.g. AWS, Azure) is an essential attribute for any candidate
    • Bachelor's degree or Masters in Information Security or Cyber Security or related field experience
    • CISSP and/or CISSM or in the process of achieving these certifications
    • Good technical knowledge of security in hosted Cloud environments e.g. Google, AWS
    • Technical knowledge of information security compliance (ISO 27001:2017, PCI DSS, Cyber Essentials), data security and IT security arrangements
    • Knowledge of Privacy and Data Protection legislation 
    • Practical application of information security and/or data protection compliance within SME organisations and FinTechs
    • Strong technical skills relevant to Information Security such as data encryption, secure data transmission, secure data consumption and risk analysis
    • Analytical and detail-oriented
    • Strong understanding of security technologies and best practices
    • Senior stakeholder management
Open to all
Token is building an open future for everyone.
We don’t just accept different points of view, lived experiences and new ways of thinking — we search them out. They help us make better products, better decisions, and a better place for everyone to work.
So, come as you are.
We acknowledge and embrace different backgrounds, identities and abilities. Respect is our default, and empathy is our baseline.
No one succeeds until we all do.