We are looking for an experienced and proactive Information Security Officer to take full ownership of the organisation’s information security framework and lead compliance efforts with the Digital Operational Resilience Act (DORA)
This is a unique opportunity to build and shape the security function from the ground up. The ideal candidate is hands-on, practical, and ready to lead in an environment where decisions are made quickly and contributions create visible impact. In a small, agile setting, you will play a pivotal role in embedding security into every aspect of the organisation’s operations.
Responsibilities
- Supporting cross-functional teams in implementing and maintaining DORA compliance, including ICT risk management, incident reporting, resilience testing, and oversight of third-party ICT service providers.
- Ensuring adherence to all relevant regulatory and legal obligations, such as MFSA requirements, EU regulations, GDPR, and other applicable standards.
- Acting as a key point of contact for regulatory bodies, internal audit, and external auditors on matters of information security and operational resilience.
- Developing, maintaining, and enhancing the Information Security Framework (ISF), covering policies, standards, procedures, guidelines, and controls.
- Identifying vulnerabilities and threats, assessing their likelihood and impact, and recommending and tracking mitigation actions.
- Participating in business initiatives to ensure security is embedded throughout project lifecycles (secure-by-design).
- Establishing, testing, and maintaining an incident response plan aligned with DORA requirements.
- Ensuring timely detection, reporting, containment, remediation, and post-incident review for security incidents.
- Preparing regular reports for senior leadership, risk committees, and the Board on security posture, compliance status, incident trends, and risk treatment progress.
Requirements
- Strong understanding of DORA, MFSA guidelines, GDPR, and relevant regulatory frameworks
- Familiarity with security standards such as ISO 27001, NIST, or equivalent frameworks.
- Solid knowledge of ICT environments, particularly cloud-based or outsourced infrastructures.
Education and Experience
- At least 3 years of experience in information security or ICT risk management, preferably within financial services or other regulated sectors.
- Professional certifications such as CISSP, CISM, or ISO 27001 are advantageous but not mandatory.
- Located in Malta and local experience
Benefits
- Health, life and personal accident insurance
- Free parking
- Loan benefits
- Fitness allowance
- Hybrid working and flexible working hours
Job Reference: VH400
