Information Security and Compliance Officer

Unit4
Full-time
On-site
Lisbon, Portugal
Software Dev / Web3

Unit4 is in the business of empowering people in service organizations with innovative enterprise and business software solutions. We're changing how people work with self-driving, adaptive, and intuitive software. Our solutions empower people and deliver a better work experience so they can focus on meaningful, high-value work.

🚀 About the Role

The Information Security and Compliance Officer maintains effective risk management through our Information Security Management System (ISMS) and ensures ongoing certification. This involves maintaining information security policies, conducting internal audits, providing training, and reviewing information security arrangements. You'll work with the CISO and team to expand our existing ISMS and Quality Framework, managing actions to maintain ISO 27001/ISO 27017/SOC1/SOC2/C5 and ISO 9001 certifications. You'll liaise with globally distributed subject matter experts (SMEs) and participate in monthly ISMS committee meetings. This role is remote, based in Portugal, Poland, or Spain.

🎯 Responsibilities

  • Liaise with IT, Cloud Operations, R&D, Product Development, and senior/middle management on information security matters, secure processes, emerging risks, and controls.
  • Oversee penetration testing and conduct technical reviews of technologies and solutions.
  • Implement, operate, support, and maintain the ISMS based on ISO/IEC 27000 standards, including maintaining certifications.
  • Prepare and implement information security policies, standards, procedures, and guidelines, working with the Security Committee.
  • Support compliance monitoring and improvement activities, ensuring adherence to internal policies and applicable laws and regulations (working with Legal).
  • Support departments and manage projects for ISMS implementation.
  • Support information security awareness, training, and educational activities.
  • Support information security risk assessments and implement controls.

💪 What We're Looking For

Required:

  • Around 5 years of professional experience in IT or audit-related roles.

Preferred:

  • 2+ years of demonstrable experience with a certified ISMS.
  • Bachelor's degree in computer science or a security-related field (ideal).
  • Working knowledge of the Information Security elements of EU DORA, EBA, NIS2, C5, and other relevant regulations for a global SaaS company.
  • Experience organizing and conducting internal information security audits.
  • Experience maintaining, supporting, and developing an ISMS compliant with ISO 27001/ISO 27017/SOC1/SOC2/C5.
  • Experience completing security risk assessments and tracking remediation efforts.
  • Broad technical understanding of IT and SDLC, with the ability to audit processes and procedures and work with technical personnel.
  • Understanding and experience managing/overseeing penetration testing.
  • Good understanding of end-to-end business processes (ideally for a SaaS company).
  • Experience in a fast-paced international company.
  • Excellent English communication skills; ability to articulate and simplify security concepts.
  • Awareness of handling cultural differences when working with international colleagues.
  • Ability to work autonomously.
  • Experience with ISO 9001 Quality standard (desirable).
  • CISSP/CISA/CISM/CRISC certifications are valued but not essential.

🎁 Benefits

  • A culture built on trust, offering freedom and autonomy.
  • Work-life balance with uncapped time off, remote work opportunities, and Global Wellbeing Days.
  • Talented colleagues, role models, and mentors.
  • Commitment to sustainability through initiatives like our Act4Good program.
  • A safe and inclusive working environment supported by Employee Resource Groups.