IT Security Officer

Nivoda

📍Remote - Spain

Summary

Join Nivoda, a fast-scaling global B2B marketplace for diamonds and gemstones, as an IT Security Officer. You will play a hands-on role in identifying and resolving control gaps, designing and implementing security solutions, and collaborating with various teams. This position requires end-to-end ownership of security initiatives, from identification to implementation. You will conduct IT control assessments, strengthen system security, ensure PII data and GDPR compliance, build business continuity plans, improve security monitoring, and manage vendor risk. The ideal candidate possesses at least 3 years of experience in IT security, business continuity, or IT risk management, and thrives in a fast-paced, high-growth environment. Nivoda offers a remote working environment, flexible hours, unlimited holiday, and the opportunity to significantly impact the company's success.

Requirements

  • Minimum 3 years' experience in IT Security, business continuity management, and/or IT Risk Management
  • You can explain a complex situation and turn it into something simple, strong, and scalable
  • Work fast and get things done — without compromising on detail
  • Speak the language of both tech and operations
  • Thrive in a high-growth, high-trust environment where execution matters

Responsibilities

  • Drive End-to-End Security Solutions: Own and execute IT security and business continuity risk initiatives from identification to implementation. Don’t just flag issues — fix them by collaborating across teams and seeing solutions through to resolution
  • IT Control Design & Testing: Conduct deep-dive IT control assessments and test the design and operating effectiveness of IT and Security controls across the business. Translate findings into smart, practical improvements that teams can actually adopt
  • Strengthen System Classification & Security: Run CIA assessments to classify systems and test that appropriate security controls are in place. Work with system owners, Engineering, Data and Product to ensure controls are designed and implemented, not patched later
  • Security of PII Data and GDPR Compliance: Work closely with engineering, system owners and infrastructure teams to ensure security controls around PII data are correctly implemented within IT systems—through privacy design reviews, technical validations, and periodic audits of access, encryption, logging, and data handling configurations
  • Build and Own Business Continuity Plans: Improve, test and maintain Business Continuity and Disaster Recovery Plans (BCP/DRP) across critical functions. Run regular scenario-based continuity tests to validate readiness, backup effectiveness and recovery times. Ensure teams know what to do — and that it actually works when tested
  • Improve Security Monitoring and Incident Readiness: Support the implementation of security monitoring tools (e.g., SIEM, endpoint protection, access logs) and build reporting on them. Work with engineering to define indicators of compromise (IoCs) and automate alerting and follow-up. Participate in incident response and continuously improve playbooks
  • Control Security Vendor Risk with Confidence: Evaluate third-party providers, own and perform IT Security risk assessments for contract owners, and make sure we have real continuity, not just paper guarantees

Preferred Qualifications

  • Experience in a start-up or scale-up is preferred
  • Certifications such as CISM, CISA, ISO27001, CBCP, or CDRE are desirable

Benefits

  • Opportunity to join us at a dynamic growth phase, where your contributions can have a significant impact on shaping the company's future success
  • Exposure to senior leadership and the opportunity to contribute to strategic decision-making
  • Remote working environment
  • Flexible working
  • Unlimited holiday
  • Fast-paced and global working environment
