Information Security Officer (All genders)

at  Movingimage

At movingimage, video is what drives us. We are a global leader in delivering secure enterprise video solutions. Simply put, we want to revolutionize the way in which companies use video. Our cloud-based solution is a centralized platform that enables companies to efficiently manage and stream all their video assets for customers, partners, and employees in the best possible quality on any device.
We are seeking a highly skilled Senior PHP Developer who is eager to expand their expertise to full stack development or transition into a Java Developer role within one year.

AS AN INFORMATION SECURITY OFFICER, YOU’LL TAKE ON THE FOLLOWING RESPONSIBILITIES:

• Lead our tasks in preparation to our upgrade from ISO 27001:2013 to ISO 27001:2022
• Develop, implement, and monitor a robust integrated management system aligned with ISO 27001, ISO 9001, ISO 20000-1, and TISAX requirements
• Facilitate regular internal and external audits to ensure compliance with industry standards and assist in maintaining our certifications
• Lead and support audit processes, managing responses to findings and implementing corrective actions to continuously improve our security posture
• Create and maintain detailed security documentation, including policies, procedures, risk assessments, and incident response plans
• Conduct thorough risk assessments across the organization to identify potential vulnerabilities and recommend mitigation strategies
• Collaborate with DevSecOps and Engineering teams to embed security protocols and practices within the product development lifecycle
• Stay informed of emerging cybersecurity threats and vulnerabilities, developing proactive measures and responses to mitigate risks
• Cultivate a strong cybersecurity culture by developing and delivering security awareness programs, training sessions, and educational resources for all employees
• Promote a security-first mindset, ensuring that security considerations are embedded in all areas of the business and throughout each project’s lifecycle
• Facilitate cross-departmental collaboration to enhance understanding and adherence to security practices
• Conduct risk assessments for new and existing vendors to ensure compliance with the organization’s security policies and standards
• Review vendor security posture to align with our security requirements, certifications, and regulatory compliance needs
• Maintain an active register of third-party vendors and perform regular security reviews to monitor ongoing compliance and risk
• Facilitate post-incident reviews, root-cause analysis, and corrective actions to prevent recurrence of security incidents

TO THRIVE IN THE ROLE AS A INFORMATION SECURITY OFFICER, YOU’LL NEED:

• Bachelor’s degree in Information Security, Cybersecurity, Information Technology, or related field. Advanced degrees preferred
• Relevant certifications such as CISSP, CISM, CISA, ISO 27001 Lead Auditor, AZ-500 or other equivalent credentials
• Minimum of 5 years of experience in information security or a related role, preferably within a SaaS or technology environment
• Demonstrated experience in internal and external audits, including maintaining compliance with ISO/IEC 27001, ISO 9001, ISO/IEC 20000-1, and TISAX
• Hands-on experience with risk management, vendor management, and incident response practices
• Knowledge of DevSecOps principles and secure SDLC practices
• Familiarity with different frameworks such as GDPR, DORA, BSI IT Grundschutz, BSI C5, ISO/IEC 27005
• Strong analytical and problem-solving skills, with the ability to make risk-based decisions
• Proven track record in developing and implementing information security policies, standards, and procedures
• Familiarity with security information and event management (SIEM) tools and incident response platforms
• Good working knowledge of Confluence and JIRA