Information Security Compliance Engineer

Malta

Reporting to the Chief Information Officer, with a primary focus on the overall Information Security management of the firm, the Information Security Compliance Engineer will be responsible for implementing and maintaining the controls, processes and audits required for the ISO 27001 standard and related information security controls.

The Role:

  • Overall management of the firm’s Information Security Management System (‘ISMS’), including the continuous upkeep and upgrading of this same ISMS;
  • Supporting the internal teams with regulatory security requirements focusing on ISO 27001;
  • The implementation and maintenance of relevant policies and procedures;
  • Coordination of GDPR requirements and liaising with the Data Protection Officer with respect to GDPR-related matters.

Duties and responsibilities include:

  • Design, develop, implement and maintain the firm’s ISMS related policies, processes, procedures and work instructions aligned with regulatory and compliance requirements, as well as business objectives;
  • Ensuring the continuous improvement of the firm’s ISMS and GDPR;
  • Contribute to the development of appropriate security KPIs, objectives and strategies, towards improving the firm’s security posture and security maturity. Develop reporting metrics, dashboards and evidence artifacts as part of the process which can be communicated to the business stakeholders periodically;
  • Maintain and improve the security knowledge, training and awareness framework within the organization;
  • Maintain the Security Risk Register and liaising with other relevant parties within the organization;
  • Providing advice on ISO 27001 and other relevant standards;
  • Participate in regulatory audits and assist Legal and Compliance teams as may be required from time to time;
  • Assist teams in supplier onboarding risk assessment processes;
  • Manage assigned projects, developing project scopes and objectives, involving all relevant stakeholders and ensuring technical feasibility;
  • Identify significant risk exposures relating to control processes and make appropriate recommendations;
  • Perform IT audit action plans on previously raised findings;
  • Establish and maintain relationships with internal departments as well as third parties/vendors;
  • Document and report control failures and gaps to stakeholders;
  • Provide remediation plans and prepare management reports to track remediation activities;
  • Remain up-to-date on best practices and technological advancements, as well as act as a point of reference for security assessments and regulatory compliance; and
  • Perform other related duties as may be assigned from time to time.

Skill-sets and Requirements

  • A minimum of 4 years’ experience in IT audit/IT advisory or Information Security, or equivalent industry experience (e.g. IT compliance, ISO 27001, ITIL and IT security);
  • Project management and implementation experience;
  • Experience with internal audits, through data analysis, audits of systems and functional audits.

Education & Experience

Bachelor’s degree in Information Systems, Information Security, Computer Science or equivalent.

Job Reference: DC000

  • Primary job focus
    Security & Risk
  • Job type
    Full Time
  • Employment level
    Experienced (3 years +)
  • Employer industry
    Legal Services
  • Languages
    English

  • Job Reference
    DC000
  • Closing Date
    28/02/2023
  • Date Published
    25/01/2023
  • Status
    Interviewing