The Information Security Analyst will be responsible for supporting information security, cybersecurity and IT risk management based on industry-accepted information security and risk management frameworks. The individual will facilitate the development and maintenance of Company’s information security management system (ISMS).
- Facilitates the continuous development, implementation and update of security policies, procedures and standards
- Performs assessments to ensure compliance with corporate information security policies and procedures/ standards
- Facilitates and monitors the implementation of corporate disaster recovery and business continuity strategy (BCP/DRP) and participates in the execution of the annual DRP/BCP tests
- Develops information security awareness material
- Ensures that corporate systems have adequate information security controls to ensure compliance with regulatory frameworks
- Participates in the design of new applications/ systems, to ensure information security-related requirements are met
- Performs physical security reviews to determine whether the existing or proposed company facilities are adequately protected
- Facilitates incident response, planning/ testing and investigation activities for incident handling, complaints received from authorities, customers, third parties
- Ensures the implementation of the required remediation actions arising from the findings identified from internal, external auditors, or regulatory bodies
- Monitors and manages daily information security tickets/ issues and prepares annual and quarterly Information Security Reports.
- Supports the development, implementation, and monitoring of a strategic, comprehensive enterprise information security and IT risk management program, under the supervision of the Information Security Manager
- Supports third party management activities (i.e., review of RFPs/ contracts/ SLAs/ NDAs, evaluate security level of third parties, etc.)
Education, Skills and Experience
- Bachelor’s degree in business administration or a technology-related field required. Master’s in security field will be considered an asset
- Professional certifications such as CISSP, CISM, CISA, ISO27001 LI/LA will be considered an asset
- Up to three (3) years of related work experience in a combination of risk management, information security and IT
- Understanding of information security management frameworks, such as ISO/IEC 27001, NIST 800-53, etc.
- Understanding of laws and regulations including but not limited to GDPR, PCI DSS, etc.
- Experience with Cloud computing across virtualized environments
- Excellent verbal and written communication skills in English and Greek
- Strong interpersonal skills and ability to effectively communicate at all levels
- Strong organizational skills
- Problem solving ability
- Strong analytical and research skills
The company offers a competitive remuneration package and excellent career prospects within a stimulating and growing working environment.