Information Security Officer

Posted:
9/12/2024, 5:00:00 PM

Location(s):
Valencia, Valencian Community, Spain ⋅ Valencian Community, Spain

Experience Level(s):
Mid Level ⋅ Senior

Field(s):
IT & Security

We are the Mimacom-Flowable Group. Our digital products enable businesses to achieve faster, simpler, and more impressive results. In banking, retail, manufacturing, healthcare, and other sectors. Our software solutions reach 50 million users - every day.

Behind each of our products is a brilliant group of people who share the same values and work together to create innovative solutions for real problems. As part of the Information Security Team in the company, you will be the co-owner and driver of multiple security standards and frameworks, such as ISO27001, TISAX, ISAE3402 or SOC2 Type 2 and shape the IS strategy, projects and processes.

Join our team as Information Security Officer in Valencia and let's create something great together!

What you’ll be doing:

  • Develop and maintain a strategic, comprehensive and pragmatic enterprise information security system compliant with ISO-27001 and ISO-9001.
  • Proactively improve the risk management system and business continuity management at group level and help the business units in their implementations.
  • Identification and management of security incidents together with IT, legal and business departments, including not only short-term reactive and proactive measures but also strategic projects (incl. budget planning and responsibility).
  • Lead and enhance the security awareness program in the organization.
  • Support the business units in their inquiries, such as suppliers' security assessments and providing information on our security policies for customer requests or reviewing contracts and agreements from a security perspective.
  • Planning and realization of internal audits, as well as ensuring the smooth running of external audits to achieve certifications.

Here is an overview of the topics you will have accomplished in the first year:

After 3 months

  • You know the stakeholders in our organization and their role regarding information security (Legal, IT, HR, process owners, management, etc.)
  • You know the current implementation of ISO-27001 and 9001 in our organization and have an overview of their strengths and weaknesses.
  • You have a plan for improving the current Information Security system for achieving its excellence while at the same time making it easier to be followed by the different stakeholders.
  • You own and live the security incident process (and if there was any security incident, you coordinated its mitigation and resolution)

After 6 months

  • You have a defined plan to improve the security awareness in the organization through different measures (improved policies, trainings, etc.)
  • You have already focused on an area to be improved (e.g. risk management, BCM or supplier management) and conducted the needed enhancements.
  • You have been able to support the business units in their inquiries, either for their own processes or specifically answering questions coming from potential customers during an RFP.

After 12 months

  • You conducted internal audits as part of the continuous improvement and as preparation of the external audits.
  • We have defined, planned and worked on the action plans to address findings coming from our different certification processes: ISO, SOC2, TISAX, ISAE 3402.
  • You have contributed and planned the roadmap 2025 and beyond with the different initiatives to keep improving our Information Security system.

What you bring:

Are you an analytical problem solver who is motivated by learning and by working on practical and strategic topics? Can you build relationships with ease, influence stakeholders, set up guidelines and train users?

If this sounds like you, look at the role requirements below:

  • Experience in a similar role with information security framework and associated certification, incl. risk management, business continuity management, etc.
  • Experience in at least one of the IS certifications like ISO 27001, SOC2, Tisax is a must.
  • Experience in security incident management and process implementation.
  • IT security understanding and experience to power your work together with the IT department.
  • Good communication skills and not only experience reporting and consulting to C-levels but also influencing stakeholders in the whole organization.
  • Experience in ISO 9001 and GDPR experience is a plus.
  • English fluency is essential (at least C1 level)

What you can expect:

You will enjoy flexible working hours, training, and home-office possibilities. However, we think these are the most interesting advantages of working at Mimacom-Flowable:

  • Holidays & Flextime – You will enjoy 30 days of vacation. We understand that while you love your work, it’s just one part of a whole person. That’s why we allow you to work in a way that accommodates your lifestyle and other commitments.
  • Hybrid set-up – You’ll have the chance to work from home and from the office in the configuration that best suits your schedule.
  • Power role with high visibility and influence – Your ideas and experience will help us shape our information security system and awareness on all departments.
  •  Career growth – We are a young company where you will be given the room to develop yourself and learn new things intensively while the company grows.
  • Dynamic Team – You will be joining a core department within the company that prides itself on excellent team culture where you will get great results whilst having fun.