About the Client
Our client is a dynamic technology company specialising in advanced meteorological solutions. The company is dedicated to innovation, creativity, and continuous learning, and we seek a Security Manager to help us grow.
About the Role
We are seeking an experienced Security Manager to join our dynamic software development company. The Security Manager will lead and oversee our information security strategy, ensuring compliance with ISO 27001, ISO 27017, and the NIS2 Directive, as well as the implementation and maintenance of the Secure Software Development Life Cycle (SSDLC). The role involves developing internal security procedures, policies, and best practices to mitigate risks and ensure the security and integrity of our information assets and software products.
Responsibilities
· Lead and manage compliance initiatives related to ISO 27001 (Information Security Management), ISO 27017 (Cloud Security), and the European NIS2 Directive.
· Develop, document, and maintain internal security policies, procedures, guidelines, and standards.
· Ensure the effective implementation and continual improvement of the Secure Software Development Life Cycle (SSDLC).
· Conduct regular security risk assessments and internal audits to identify and mitigate risks.
· Manage security incident response, investigations, and reporting activities.
· Coordinate external security audits, penetration testing, and compliance assessments.
· Provide regular training and awareness programs for employees on information security and cybersecurity best practices.
· Act as the primary liaison with auditors, regulators, customers, and management for security-related matters.
· Collaborate with software development and ICT teams to embed security requirements into system design, development, and deployment phases.
· Monitor and report on compliance status, security incidents, and security improvement initiatives to senior management.
Requirements
· Bachelor’s or Master’s Degree in Information Security, Computer Science, Information Technology, or a related field.
· Minimum of 5 years of relevant experience in Information Security, preferably within software development environments.
· Proven experience implementing and managing compliance with ISO 27001 and ISO 27017, and familiarity with the NIS2 Directive.
· Solid experience with SSDLC methodologies, security controls integration, secure coding practices, and vulnerability management.
· Certifications highly desirable: CISSP, CISM, CISA, ISO 27001 Lead Auditor/Implementer, or equivalent industry-recognized credentials.
· Strong understanding of cloud security architectures and best practices.
· Excellent analytical, communication, and interpersonal skills.
· Demonstrated ability to communicate complex security concepts clearly to stakeholders at various levels.
· Proficient English language skills at C1 level.
Nice to Have Skills
n/a