INFORMATION SECURITY ASSOCIATE

Role Purpose 

The Information Security Associate shall be responsible for conducting technical security and privacy assessments, audits, and compliance reviews, and for independently advising clients on information security and data protection requirements. The role shall support clients in the implementation, assessment, and continuous improvement of Information Security Management Systems (ISMS), GDPR compliance programs, and related governance frameworks. 

Key Responsibilities 

• Conduct information security assessments across applications, systems, and networks 

• Perform IT security audits, internal audits, and information security risk assessments 

• Support and advise clients on ISMS implementation, maintenance, and continuous improvement in line with ISO/IEC 27001 

• Identify gaps and non-conformities, recommend corrective actions, and support remediation activities 

• Support GDPR compliance initiatives, including assessments and DPO activities 

• Assist clients in the development, implementation, and rollout of security, compliance, and governance frameworks 

• Support Business Continuity and Disaster Recovery (BC/DR) planning and assessment activities 

• Prepare clear, structured reports and present findings to both technical and non-technical stakeholders 

• Maintain up-to-date knowledge of regulatory, security, and industry best practices 

Required Experience 

Experience on at least one or more of the following is required: 

• Application, information systems, and network security 

• Information security governance and/or operational security 

• IT systems administration, network support, or application support 

• Security risk identification, vulnerability management, and risk management 

• IT security auditing and internal audits aligned to ISO/IEC 27001 and/or IT general controls 

• Business Continuity and Disaster Recovery support activities 

Certifications & Professional Qualifications 

Candidates must possess at least one certification from the list below. (Should the candidate not possess any of the certifications below, but has the necessary experience to fulfill this role, the candidate shall commit to obtaining a certification/s during his employment with NOUV): 

• (ISC)² Certified Information Systems Security Professional (CISSP) 

• ISACA Certified Information Security Manager (CISM) 

• ISO/IEC 27001 Lead Implementer 

• ISACA Certified Information Systems Auditor (CISA) 

• GIAC Systems and Network Auditor (GSNA) 

• ISO/IEC 27001 Lead Auditor or Internal Auditor 

• IRCA ISMS Auditor (or higher, including Lead or Principal Auditor) 

• IIA Certified Internal Auditor (CIA) 

Additional Relevant Training  

The following certification will be considered an asset: 

• ISO/IEC 27001 Lead Implementer 

• ISO/IEC 27001 Lead Auditor 

• ISO/IEC 22301 Lead Implementer 

• SWIFT Customer Security Programme (CSP) training or certification 

• GDPR Data Protection Officer certification or related legal/compliance training 

• PCI DSS Qualified Security Assessor 

Skills & Competencies 

• Strong understanding of information security  

• Ability to work independently and manage multiple client engagements 

• Strong analytical and problem-solving skills 

• Excellent written and verbal communication skills in English  

• Ability to translate technical findings into practical business recommendations 

• High attention to detail and professional integrity 

Experience on data protection frameworks will be considered an asset 

Company offers 

• Vibrant working environment with growth opportunities 

• Continuous professional training and development 

• Flexible working conditions 

Employment Type 

Full-time  

Please send a cover letter and CV, including professional references, to the HR Manager at hr@nouv.com