Information Security Officer

**Role Purpose**:
The Information Security Officer operates within the governance, risk & compliance service provided by Jumio's security function through the GRC team.

The role acts as the security interface between the Information security strategic and process-based activities and other critical teams, like Engineering, Machine Learning, Product, Sales,HR and Legal.

**Role Value**:
The role holder reports into the GRC Lead and they need to positively influence other members of the security team as well as other departments across Jumio.

**Example Responsibilities**:
**Governance & Risk Management**:

- Develop, implement, and maintain governance, risk management, and compliance frameworks as per organization needs and policies aligned with industry best practices.
- Conduct regular risk assessments to identify, evaluate, and prioritize risks across the organization, ensuring timely mitigation actions are implemented.
- Lead risk reviews with business stakeholders and senior management to ensure risks are effectively managed and mitigated.

**Compliance & Regulatory Requirements**:

- Support the ISMS operation and associated independent security certification activities for SOC2, ISO 27001 and PCI DSS.
- Management of security policies and processes, to ensure operational efficiency, meeting regulatory compliance, and support for regional demands.
- Create and manage a business continuity program for Jumio product offerings.

**Control Assessment & Reporting**:

- Prepare regular compliance and risk reports for senior leadership, highlighting key risk areas, trends, and performance against key compliance metrics.
- Ensure documentation is maintained for all key GRC activities, including risk registers, audit logs, and quarterly compliance status reports.

**Internal & External Audits**:

- Planning and execution of external and internal audit activities as required.
- Assisting fellow Jumio's in understanding and pragmatically responding to security audit findings.

**Collaboration & Stakeholder Engagement**:

- Work closely with business teams (e.g.,Legal, HR, Product, Engineering, IT, ML) to ensure alignment on risk management and compliance initiatives.
- Delivery high-frequency communications regarding progress on security programs.

**Training**
- Annual information security training course design and implementation.
- New ideas for ongoing security culture improvements

**Continuous Improvement**:

- Support the implementation of a GRC platform or enhance existing systems to streamline risk and compliance management.
- Continuously evaluate and improve the organization's GRC processes and tools, leveraging industry best practices, automation, and innovative solutions.

**Customer Assurance**
- Assist and lead multiple customer security audits.
- Respond to customers' security questionnaires.

**Experience and Qualifications**:

- A strong passion for information security and a proactive approach to improving the organisation's security posture.
- Ability to demonstrate contemporary information security concepts, best practices and strategies.
- Expert level of managing SOC 2, and ISO 27001, this is essential; knowledge of PCI DSS would also be beneficial.
- In-depth understanding and hands-on experience of how information security can impact an organisation; you can give examples and explain both positive and negative impacts.
- Comfortable providing high quality updates to various levels and global audiences, including video.
- A bachelor's degree in information systems or equivalent work experience; an M.B.A. or M.S. in information security is preferred.
- Excellent communication skills in English both written and verbal.

**Great to have Experience and Qualifications**:

- CISSP, CISM, or CRISC certification
- (Internal) Consulting experience

**Key Characteristics and Attitudes**:
In a recent global survey these attributes were valued by Jumios in all locations and functions - we firmly believe in hiring for attitude as well as skill.
- Friendly and supportive
- Adaptable and flexible
- Articulate and persuasive
- High IQ and EQ
- Curious and coachable
- Commercially Aware
- Resilient and tenacious
- Big picture and the detail

**Jumio Values**:
IDEAL: Integrity, Diversity, Empowerment, Accountability, Leading Innovation

**Equal Opportunities**:
**About Jumio**:
Jumio is a B2B technology company dedicated to eradicating online identity fraud, money laundering and other financial crimes to help make the internet safer. We leverage AI, biometrics, machine learning, liveness detection and automation to create solutions that are trusted by leading brands worldwide and respected by industry thought leaders.

Jumio is the leading provider of online identity verification, eKYC and AML solutions. With a global footprint, we're expanding the team to meet strong client demand across a range of industries including Financial Services, Travel, Sharing Economy, Fintech, Gaming, and others.

**Applicant