Information Security and Compliance Officer

Summary

Join Unit4, a fast-paced, high-growth company in the cloud ERP software space, as their Information Security and Compliance Officer. This remote role (Portugal, Poland, or Spain) focuses on maintaining effective risk management through the Information Security Management System (ISMS) and ensuring ongoing certifications (ISO 27001/2017, SOC1/2, C5, ISO 9001). You will liaise with various departments, lead penetration testing oversight, participate in ISMS implementation and maintenance, and support compliance monitoring and improvement activities. The ideal candidate possesses around 5 years of experience in IT or audit, strong communication skills, and a working knowledge of relevant regulations. Unit4 offers a culture of trust, flexible work arrangements, and various employee benefits.

Requirements

Around 5 years of professional experience in IT or audit related roles

Responsibilities

• Liaise with related functions (particularly IT, Cloud Operations, R&D, Product Development) plus senior and middle managers throughout the organization as necessary, on information security matters such as secure processes, emerging security risks and controls
• Lead on Penetration Testing oversight and technical reviews of various technologies and solutions across Unit4
• Participate in the implementation, operation, support and maintenance of the Information Security Management System based on the ISO/IEC 27000 series standards, including maintaining our certifications against ISO/IEC 27001, 27017, SOC1 and SOC2 as well as expansion as needed
• Participate in the preparation and the implementation of necessary information security policies, standards, procedures and guidelines, in conjunction with the Security Committee to get appropriate approvals and feedback
• Support the operation of related compliance monitoring and improvement activities to ensure compliance with both internal security policies etc. and working with the Legal teams to ensure that applicable laws and regulations are met
• Support departments and help manage projects for implementation of information security management system
• Support information security awareness, training and educational activities
• Support information security risk assessments and implement appropriate controls

Preferred Qualifications

• Working knowledge of the Information Security elements of EU DORA, EBA, NIS2, C5 and other relevant regulations to a global SaaS company
• Experience of organizing and carrying out Internal Information Security Audits with the primary aim of identifying Information Security Risks
• Maintenance, support and development of an ISMS which is compliant with ISO 27001 / ISO2017 / SOC1 / SOC2 / C5
• Experienced in completing security risk assessments and tracking remediation efforts
• Broad technical understanding of Information Technology and SDLC with sufficient knowledge to be able to audit processes and procedures and work with technical personnel
• Understanding and experience managing / overseeing the Penetration Testing process with technical stakeholders and Penetration Testing companies
• Good understanding of generic end to end business processes (ideally for a SaaS company)
• Experience of working in a fast paced international company
• Fantastic English speaking communication skills: ability to articulate & simplify security concepts
• Good awareness of handling cultural differences when working with international colleagues
• Must be able to work autonomously to ensure that role requirements are met
• Experience of ISO9001 Quality standard is also desirable
• 2+ years demonstrable experience of a certified ISMS
• Ideally Graduate Level with a Batchelor in a computer science or security related subject
• CISSP / CISA / CISM / CRISC etc. certifications are valued – but not essential

Benefits

• A culture built on trust - giving you the freedom and autonomy to be successful
• Balance - with our uncapped time off policy, remote working opportunities and Global Wellbeing Days when the whole company can switch off and prioritize well-being
• Talented colleagues, role models and mentors - work, learn and be inspired by some of the best talent in the software industry
• A commitment to sustainability - with initiatives such as our Act4Good program, a way for everyone at Unit4 to come together and engage in actions that benefit society and the planet
• A safe and inclusive working environment – supported by our Employee Resource Groups, which are open to all and include Women at Unit4, Pride at Unit4, Mental Health and Access at Unit4, and People of Color at Unit4