Information Security Officer

**Role Purpose**: The Local Information Security Officer operates within the governance, risk & compliance service provided by Jumio’s CISO function through the GRC team.

The role acts as the security interface between the CISO's strategic and process-based activities and other critical teams, like Engineering, Machine Learning, Product, Facilities, HR and Legal.

**Role Value**: The role holder reports into the Director Information Security and they need to positively influence other members of the security team as well as other departments across Jumio.

**Example Responsibilities**
- Support the ISMS operation and associated independent security certification activities for SOC2, ISO 27001 and PCI DSS.
Create and manage a unified continuous monitoring model for multiple customer compliance frameworks possibly including new frameworks on a continuous basis as business expands.
- Manage and evolve the GRC platform with the upkeep of information metrics and support all aspects of GRC security for key departments, as their security business partner.
- Support the transition/integration of security models associated with business acquisitions.
- Management of security KPI metrics and reporting strategies
- Delivery high-frequency communications regarding progress on security programs.
- Management of security policies and processes, to ensure operational efficiency, meeting regulatory compliance, and support for regional demands.
- Coordinating the overview of technical control initiatives to meet security policies.
- Gathering, analysing and assessing the current and future threat landscape and providing a realistic overview of (local) risks and threats in the enterprise environment.
- Planning and execution of external and internal audit activities as required.
- Assisting fellow Jumio’s in understanding and pragmatically responding to security audit findings.
- Support the CISO function to develop budget projections based on (local/regional) tactical and strategic goals and objectives.
**Experience and Qualifications**:

- Recent success in helping create and operate cutting edge (non-traditional) Information Security Management Systems, ideally within high tech businesses.
- Ability to demonstrate contemporary information security concepts, best practices and strategies.
- Expert level of managing SOC 2, and ISO 27001, this is essential; knowledge of PCI DSS would also be beneficial.
- In-depth understanding and hands-on experience of how information security can impact an organisation; you can give examples and explain both positive and negative impacts.
- Comfortable providing high quality updates to various levels and global audiences, including video.
- A bachelor's degree in information systems or equivalent work experience; an M.B.A. or M.S. in information security is preferred.
- Excellent communication skills in English both written and verbal.
**Great to have Experience and Qualifications**:

- CISSP, CISM, or CISA certification
- (Internal) Consulting experience
**Key Characteristics and Attitudes**In a recent global survey these attributes were valued by Jumios in all locations and functions - we firmly believe in hiring for attitude as well as skill.
- Friendly and supportive
- Adaptable and flexible
- Articulate and persuasive
- High IQ and EQ
- Curious and coachable
- Commercially Aware
- Resilient and tenacious
- Big picture and the detail
**Jumio Values**

**IDEAL**: Integrity, Diversity, Empowerment, Accountability, Leading Innovation
- Welcoming
- Honest
- Knowledgeable
- Caring
- Accountable
- Motivating
**Company**

Jumio is the leading provider of online identity verification, eKYC and AML solutions. With a global footprint, we’re expanding the team to meet strong client demand across a range of industries including Financial Services, Travel, Sharing Economy, Fintech, Gaming, and others.