Group Information Security Officer

  • Location: Spain, Madrid
  • Posting date: 23 May 2022

Purpose of role:

The Information Security Officer is responsible for ensuring the security of all information stored within the Small World Group through conducting risk assessments, ensuring safeguards are implemented and creating an information security culture within Small World Group.

Role details:

  • Ensure adequate risk assessments are being performed on the most critical assets and review the recommendations made from the risk assessments and ensure major risks are being addressed to reduce/mitigate/remove the risk
  • Create an information security culture in Small World, developing plans and strategies to raise awareness and train employees & others associated with Small World information (eg contractors, board members etc)
  • Ensure relevant Information Security policies are developed, approved, and implemented across the group.
  • Ensure all the necessary safeguards (technical, procedural and physical) identified in risk assessments and/or laid out in policies are implemented in a timely manner
  • Develop and deliver an annual Information Security roadmap, identifying milestones to implement policies and safeguards. Communicate the roadmap to all stakeholders and report on progress at appropriate intervals throughout the year using a RAG status, escalating red issues as appropriate.
  • Where possible, develop KPI metrics to allow the board, ARC and Exco to monitor the effectiveness of the Cyber and Information Security programmes
  • Monitor external cybersecurity threats and developments in the market, recommending necessary actions that Small World must take to ensure they are adequately protected from such threats.
  • Collaborate with relevant departments to manage any cybersecurity incidents to ensure that the impact of any attack is restricted as far as is possible.
  • Contribute to incident reviews to identify causes and the actions necessary to ensure any weakness is addressed.

Person Specification

  • Knowledge of Information Security best practice, particularly with respect to financial services (ISO 27001/2)

  • Knowledge of Operational Risk Management, external regulations and auditing;
  • Experience of driving through change and implementing policies in a medium sized


  • The ability to manage and deliver tasks through to successful conclusion.
  • A background in undertaking risk assessments and managing risk and taking part in internal and external audits

  • Excellent written and verbal communication and organisational skills with the ability to present technical matters to a non-technical audience

  • Fluency in spoken and written English & Spanish is essential.
  • Excellent Microsoft Office Excel and Word skills.
  • Attention to detail and accuracy
  • Team working
  • Ability to work with a virtual team
  • Ability to work independently under pressure.
  • Be able to demonstrate a collaborative style of working.

