IT Security And Compliance Engineer

Profile description

We are seeking an Information Security Professional to join our team. The successful candidate will be responsible for monitoring, detecting, and analyzing security incidents, as well as performing risk assessments, implementing security measures, and ensuring compliance with ISO 27001/ ISO 22301 standards.

KEY SKILLS AND CAPABILITIES

• Support the implementation and maintenance of ISO 27001 and ISO 22301 compliance programs across global offices and vessels.
• Conduct risk assessments, manage risk registers, and track remediation actions with stakeholders.
• Develop, review, and update information security policies, procedures, and standards.
• Perform vendor/3rd-party risk assessments and ensure alignment with internal security requirements.
• Support internal and external audits, coordinating evidence collection and audit responses.
• Drive awareness programs and deliver security awareness training to staff globally.
• Monitor regulatory and industry developments (e.g., IMO 428, IACS UR E26/E27, NIS2) and provide guidance on compliance implications.
• Prepare periodic management reports on compliance status, risks, and corrective actions.
• Act as the single point of contact for governance and compliance queries in the local office.

PROFESSIONAL EXPERIENCE AND EDUCATION

• Bachelors degree in computer science, Information Security, or related field.
• 1-3 years of experience in information security governance, risk management, or compliance.
• Familiarity with ISO 27001, ISO 22301, and related security frameworks (NIST CSF, COBIT, CIS).
• Experience with policy management, risk assessment tools, and vendor due diligence.
• Strong organizational and documentation skills with attention to detail.
• Excellent communication and presentation skills for liaising with stakeholders at all levels.
• Industry certifications such as ISO 27001 Lead Implementer/Auditor, CISM, or CISSP (desirable but not mandatory).