Job Title


Senior Information Security Officer


Company : Bravura Solutions


Location : Gurgaon, Haryana


Created : 2025-05-30


Job Type : Full Time


Job Description

The Senior Information Security Officer is responsible for supporting the implementation and operation of the organisation's Information Security Management System (ISMS) within their region. This role will drive security risk management, policy compliance, audits (internal, external and client), training and awareness, supply chain risk, and support security operations in incident management.

As a Managed Service Provider (MSP) and data processor for clients, the ISO will ensure that security controls align with client contractual obligations, regulatory requirements, and industry best practices. The ISO will work closely with global security leadership, regional stakeholders and clients to address both internal and client-specific security challenges.

Main Activities

The position is within the Information Security team. Main activities will include but are not limited to:

Internal Audit & Assurance

- Oversee the implementation and operations of the ISMS within the region.
- Ensure and support alignment with global security policies and regulatory requirements including ISO27001, SOC2 type II and PCI-DSS.
- Continuously assess and improve security controls and processes.

Information Security Risk Management

- Identify, assess, and mitigate security risks.
- Maintain the risk register and track remediation activities.
- Provide risk-based guidance to business units, IT teams, and client-facing operations.

Information Security Policy & Standards

- Ensure compliance with corporate security policies, frameworks, and client-specific security mandates.
- Develop and enforce security standards and client requirements.
- Input into periodic reviews and updates to security policies to align with evolving requirements.

Information Security Audit & Compliance

- Lead and support internal and external security audits, ensuring timely remediation of findings.
- Provide security assurance to clients by responding to security questionnaires and participating in client audits.
- Coordinate with service delivery teams to meet client-specific obligations.
- Monitor and report on security posture, client security commitments, and compliance status.

Information Security Training & Awareness

- Develop, support and deliver security awareness programs.
- Support phishing exercises and other training initiatives to enhance security culture.
- Collaborate with HR and other departments to ensure security education is embedded in employee onboarding and ongoing training.

Supply Chain Risk Management

- Assess and manage security risks associated with third-party vendors and suppliers.
- Ensure that security requirements are included in vendor contracts and SLAs.
- Perform regular security assessments of critical suppliers, considering the impact on client services.

Security Operations & Incident Management Support

- Assist in managing and responding to security incidents within the region, to ensure rapid containment and remediation.
- Work with the Security Operations team to protect both internal and client environments.
- Support post-incident reviews and contribute to continuous improvement in incident handling, including lessons learned for client operations.

In addition to the above position-specific responsibilities, all employees are required to undertake any other reasonable duties and responsibilities within their capability and skills, when requested to do so.

Qualifications and Experience

- Bachelor's degree in Information Security, Computer Science, or related field (or equivalent experience).
- 5+ years of experience in an information security role, preferably with regional oversight in an MSP or data processing environment.
- Strong understanding of ISO27001, NIST, GDPR, and other security and data protection frameworks.
- Experience in security risk management, audits, compliance, and client security assurance.
- Knowledge of security operations, incident response, and managed security services.
- Familiarity with supply chain security and third-party risk management.
- Excellent communication and stakeholder management skills, with experience working with clients on security matters.
- Security certifications such as CISSP, CISM, or CRISC are preferred.