The Client:
Our client, a leader in payment-processing technologies and financial solutions for merchants and financial institutions in Cyprus, is looking to recruit an Officer Information Security & Risk Management in Nicosia.
The Position:
The Officer Information Security & Risk Management will actively support the design, implementation, and continuous improvement of the Company's Information Security, Risk Management, and Business Continuity frameworks. This includes contributing to the protection of information assets, enhancing organizational resilience, promoting a risk-aware culture, and ensuring compliance with relevant regulatory and industry standards (e.g., ISO 27001, PCI DSS, DORA). The Officer Information Security & Risk Management will sit within the department of Information Security, Risk Management, and Compliance and will report to the Head of Information Security, Risk Management, and Compliance.
Duties and Responsibilities:
Contributes to the design and implementation of the Company’s Information Security Program to ensure the safeguarding of the Company’s information assets in terms of confidentiality, integrity, and availability.
Supports the development and maintenance of the Company’s Business Continuity Management Program, ensuring the resilience of critical functions, services, and assets.
Assesses third-party service providers and outsourcing arrangements from an information security and business continuity perspective, in line with regulatory expectations (e.g., DORA), and supports the ongoing monitoring of third-party risk throughout the vendor lifecycle.
Drafts, updates, and distributes Information Security and Business Continuity policies, procedures, and guidelines in alignment with applicable standards and internal requirements.
Monitors and evaluates compliance with regulatory and industry frameworks such as PCI DSS, ISO 27001, and ISO 22301, and supports internal and external audits and assessments.
Coordinates the Risk Control Self-Assessments (RCSAs) with business units and assists in the development of appropriate risk treatment plans.
Identifies, evaluates, and reports on significant and emerging risks, including those related to information security, business continuity, and operational resilience.
Manages and promotes the Information Security and Business Continuity Awareness Program, including the design and delivery of training sessions to foster a risk-aware culture across the organization.
Oversees the Incident Management process, ensuring incidents are documented, escalated, and resolved in line with internal procedures and regulatory expectations.
Provides risk management input for new initiatives, systems, and significant organizational changes to ensure that information security, operational risk, and business continuity requirements are identified and addressed early in the process.
Organizes and coordinates Business Continuity Plan (BCP) testing across departments to validate recovery strategies and response capabilities.
Leads the review and maintenance of Business Impact Analyses (BIAs) and Business Continuity Plans, ensuring they remain accurate and fit for purpose.
Skills – Qualifications – Experience:
Bachelor’s degree in Information Technology, Computer Science, Cybersecurity, or a related discipline.
Professional certifications such as CISSP, CEH, CISA, ISO 27001/22301 Lead Implementer, or other relevant credentials, will be considered an asset.
2-4 years of proven experience in information security management, risk assessment, and business continuity planning.
Familiarity with relevant regulatory frameworks such as DORA, PCI DSS, ISO 27001/22301, PSD2, and local supervisory requirements will be considered an asset.
Strong analytical and problem-solving skills, with the ability to identify, assess, and mitigate risks related to security, continuity, and operations.
Strong project management skills, with the ability to coordinate cross-functional initiatives and contribute to incident and crisis response activities.
Excellent communication skills in both Greek and English, with the ability to explain complex security, risk, or regulatory concepts clearly to both technical and non-technical audiences.
Maintains a high level of attention to detail, with a commitment to precise documentation across incident, risk, and compliance records.
Demonstrates integrity, professionalism, and sound judgment when handling sensitive, confidential, or regulated information.
Proactive and self-motivated, with the ability to work independently and collaborate effectively across departments.
Strong interpersonal and stakeholder management skills, with the ability to engage effectively with internal teams, senior management, regulators, and third parties.
Experience using risk management, compliance tracking, or GRC platforms will be considered an advantage.
Location: The position is for the Client’s offices in Nicosia, Cyprus.
Remuneration: An attractive remuneration package will be offered to the successful candidate.
Please note that only shortlisted candidates will be contacted for the next stages of the process.
All applications will be handled in strict confidence.