ICT Security & Risk Officer

at  BoostIT

We are BYT, a specialized tech recruitment company launched in December 2021, with the ambition of achieving success for over 3 years, coupled with experienced management team of over 15 years.
During this time, we successfully delivered more than 400 specialized recruitment processes for 20 clients in Portugal and internationally. Our expertise stems from our deep knowledge of market expectations, business needs, and candidate motivations.
BYT uses innovative techniques to attract and maintain the best people. We make sure we get the right fit for each team and project. For us, success is about getting the right fit for you.

BYT: Boost Your Team

• Function: ICT and Security Risk Officer
• Location: Portugal
• Type of work: On-site
• Type of contract: Direct Contractual link with the client
• Client: The institution is a private and independent financial group headquartered in Lisbon, Portugal, specializing in bespoke financial solutions for individual and corporate clients. Known for its personalized approach and high-quality services, it operates across multiple markets with a strong international presence.

Tasks

• Monitor the vulnerability management program to ensure that information security gaps are identified and mitigated;
• Analyze Threat Intelligence information, evaluating reported threats and monitoring interventions (internal or external) necessary to reduce your risk;
• Analyze legal and regulatory compliance in the field of Information Security and Business Continuity Management, identifying points for improvement and the consequent proposal to implement controls to those directly responsible;
• Monitor and monitor operational resilience tests as well as monitor the resolution of failures detected by them;
• Support the definition of requirements for the secure implementation of the Group’s Information Systems and the ICT risk management framework;
• Analyze user activities in order to recognize suspicious behavior;
• Actively participate in the preparation and ongoing maintenance of the main documents related to Information Security;
• Analyze and supervise the classification of the criticality of ICT and information assets, assessing the correct identification of their dependencies, based on inventories, issuing recommendations or suggesting improvements;
• Carry out information security training and awareness actions for all Group employees and bodies;
• Advise on issues related to Information Security, notify and keep Management informed about the main existing risks as well as the implementation of Information Security controls;
• Monitor internal and external audits, related to Information Security, ensuring that corrective actions are carried out, monitoring the effectiveness of the measures proposed to mitigate non-conformities.

Requirements
-Bachelor’s/Master’s degree in Computer Engineering, Networks or Computer Security;
-Professional experience of up to 3 years in the area of ​​Information Security or in Network and Information Systems Consulting;
-Knowledge of ICT and Security risk management;
-Good knowledge of information security principles;
-Stays informed on international standards and regulations: ISO 27k, NIST, GDPR, FAIR;
-Ability to work autonomously and collaborate in a team;
-Good analytical skills;
-Advanced knowledge of English (written and spoken);
-Basic knowledge of Spanish;
-Rigor and attention to detail.
Please submit your resume detailing your relevant experience if you’re interested

• Monitor the vulnerability management program to ensure that information security gaps are identified and mitigated;
• Analyze Threat Intelligence information, evaluating reported threats and monitoring interventions (internal or external) necessary to reduce your risk;
• Analyze legal and regulatory compliance in the field of Information Security and Business Continuity Management, identifying points for improvement and the consequent proposal to implement controls to those directly responsible;
• Monitor and monitor operational resilience tests as well as monitor the resolution of failures detected by them;
• Support the definition of requirements for the secure implementation of the Group’s Information Systems and the ICT risk management framework;
• Analyze user activities in order to recognize suspicious behavior;
• Actively participate in the preparation and ongoing maintenance of the main documents related to Information Security;
• Analyze and supervise the classification of the criticality of ICT and information assets, assessing the correct identification of their dependencies, based on inventories, issuing recommendations or suggesting improvements;
• Carry out information security training and awareness actions for all Group employees and bodies;
• Advise on issues related to Information Security, notify and keep Management informed about the main existing risks as well as the implementation of Information Security controls;
• Monitor internal and external audits, related to Information Security, ensuring that corrective actions are carried out, monitoring the effectiveness of the measures proposed to mitigate non-conformities