We are searching for an Information Security Office, responsible for information security and privacy management at Sentiance. Sentiance is a cloud-native scale-up working with international clients and sensitive data. As a result, privacy and security have been a priority for Sentiance for many years. The information security officer will be an essential part of maintaining a high standard with the people from our Privacy and Security (PrivSec) team. You report directly to the COO, part of senior management at Sentiance.
Location: Belgium or Europe
What would be your key responsibilities?
As an Information Security Officer, success for Sentiance means running things without breaches, maintaining privacy security and being aware of legal requirements of Data, Privacy and Security. By joining us you will focus on the following responsibilities:
Run monthly meetings and recurring activities of the PrivSec team (Sentiance’s information security and privacy committee)
Maintain ISO 27001/27701 certification and implement/contribute to new certification programs
Review and recommend information security & privacy policies & procedures and accompanying documentation
Support and advise on the implementation of technical and organizational measures, with a particular focus on the protection of personal data (privacy)
Monitor changes in relevant risks and threats against the organization.
Review, handle and monitor reported security & privacy incidents. Provide adequate reporting to upper management and thorough investigation of actual or suspected information security breaches
Ensure compliance with current laws, regulations, and requirements contractually agreed with clients.
Motivate employees and partners to maintain the responsibility for, ownership of, and knowledge about information security to minimize the risk of security incidents.
Collaborate with the technology team to ensure the availability and reliability of the infrastructure, the platforms, and the services supplied and operated by Sentiance, even if significant security incidents occur.
Vendor management: ensure that external service providers comply with Sentiance's information security needs and requirements.
The PrivSec team prepares and provides training sessions on privacy and information security.
What are the essential qualities to be successful in this role?
Academic degree, preferably in computer science or related discipline
Minimum 3 years of experience in an information security role related to Governance Risk and Compliance (GRC)
Has been involved in implementing ISO 27001/27701 or other standards
Knowledge of information security standards and frameworks (ISO 27xxx, SOC-2)
Knowledge of personal data protection principles and related legislation (GDPR)
Good understanding of web technologies, mobile platforms, and cloud infrastructure (AWS)
Familiar with software development lifecycle and DevOps principles
Ability to provide training and awareness sessions about security measures
Able to report on KPI and progress using the right level of detail
Excellent problem-solving and analytical skills.
Effective verbal and written communication skills.
Professional information security certifications are a plus but not required.
What do we offer you?