Guavapay Limited

Information Security Compliance Officer Required Qualifications & Certifications: Education Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field. A master's degree in information security, Risk Management, or Compliance is a plus. Certifications (Highly Valued) CISSP (Certified Information Systems Security Professional) CISM (Certified Information Security Manager) CISA (Certified Information Systems Auditor) ISO 27001 Lead Auditor / Implementer CRISC (Certified in Risk and Information Systems Control) GDPR Certification (e.g., IAPP CIPP/E, CIPM for data protection compliance) Experience Requirements: 3-5+ years of experience in Information Security, Compliance, or IT Risk Management. Experience with regulatory frameworks in UK & EU: GDPR (General Data Protection Regulation) ISO 27001 (Information Security Management Systems) Cyber Essentials Plus (UK government-backed security framework) DORA (Digital Operational Resilience Act) - EU financial sector PCI-DSS (if handling payment data) Experience in: Managing vendor risk assessments for third-party compliance. Handling incident response & reporting (e.g., Data Breach Notifications under GDPR). Key Skills & Technical Knowledge: Deep understanding of data protection laws (UK GDPR, EU GDPR, DPA 2018). Familiarity with risk management frameworks like NIST CSF, CIS Controls, and ISO 27005. Experience with cyber security tools (e.g., SIEM, Malware Protection, Firewalls and others) is a plus. Strong reporting and communication skills-ability to brief executives and regulators. Ability to design, implement, and enforce security policies. Key Responsibilities: Ensure compliance with GDPR, Cyber Essentials Plus, PCI-DSS, and other applicable standards. Align ISMS activities with ISO 27001 framework. Develop and implement security policies, controls, and procedures. Conduct security risk assessments & compliance audits. Manage incident response & data breach reporting (ICO & EU authorities). Liaise with regulators, legal teams, and third-party auditors. Deliver security awareness training across the organisation. Other Considerations: Industry Expertise: In-depth knowledge of DORA, EBA ICT Guidelines, and Basel III. Communication Skills: Proactive and effective communicator, capable of collaborating with diverse teams and stakeholders. Continuous Development: Strong ability and desire to learn, adapt, and enhance personal and professional skills.