Information Security Specialist

Play North
Full-time
Remote friendly (Tas-Sliema, Malta)
Malta
DevOps, Cloud & IT Ops

We are seeking a highly motivated and experienced Information Security Specialist to join our dynamic team. The ISO will be responsible for implementing, maintaining, and enhancing our organization's information security program to ensure information assets and associated technology, applications, systems, infrastructure, and processes are adequately protected. 

Working in close collaboration with the Data Protection Officer (DPO) and Chief Information Security Officer (CISO), the ideal candidate will be a hands-on professional with in-depth knowledge of ISO 27001, GDPR, and experience in managing security in an environment that includes Apple devices. This role is critical in safeguarding our company's data, ensuring regulatory compliance, and fostering a robust security-aware culture.

The Information Security Specialist shall report to the CTO.

 
About Play North

We are a diverse and fast-growing online casino operator active in regulated markets with offices based in Malta, Estonia and The Netherlands. You can now join our dynamic, capable and enthusiastic team. 

We are the people behind the global casino brands Pikakasino.com and Kansino.nl. We are licensed and regulated by the Malta Gaming Authority and Kansspelautoriteit in The Netherlands. 


Due to the continued growth and success of our brands, we are now searching for more A-class talent to join our mission to build the next iGaming giant.

Are you a self-motivated and dedicated person with an eye for detail? If you get kicks from new challenges in a top professional, yet easy-going and fun, work environment, then we are eager to hear from you!

Responsibilities: 

Strategy & Governance Support

  • Contribute to developing and leading the implementation and day-to-day monitoring of the enterprise information security and IT risk management program, in alignment with strategies defined in collaboration with the CISO.
  • Establish, maintain, and continually improve the Information Security Management System (ISMS) compliant with ISO 27001 standards, including policy operationalisation, risk assessment execution, and control implementation.
  • Collaborate closely with the Data Protection Officer (DPO) on GDPR compliance activities, taking the lead on implementing and maintaining the necessary technical and organisational security measures to protect personal data, and supporting DPIAs and DSAR processes from a security perspective.
  • Implement and enforce information security policies, standards, procedures, and guidelines across the organisation, ensuring they are understood and followed.
  • Work with business units to facilitate and execute information security risk assessments and support risk management processes.


Operations & Management

  • Manage the day-to-day operations of the information security function, contributing to budget planning and resource allocation under the guidance of senior management and in coordination with the CISO.
  • Oversee the deployment, integration, configuration, and ongoing management of security solutions.
  • Conduct and coordinate regular security audits, vulnerability assessments, and penetration tests, and manage remediation efforts.
  • Manage and respond to information security incidents, including investigation, remediation, reporting, and post-incident reviews, in coordination with relevant stakeholders.
  • Develop, deliver, and track security awareness training programs for all employees.
  • Monitor the external threat environment for emerging threats and advise relevant stakeholders on appropriate operational responses and mitigation actions.
  • Ensure the security and management of corporate endpoints, with specific experience in securing Apple devices (macOS, iOS).
  • Liaise with external auditors, regulatory bodies, and other third parties as required, in coordination with the DPO and CISO.


Collaboration & Communication

  • Provide regular operational reports to senior management and the CISO on the status of the information security program, incidents, and identified risks.
  • Collaborate effectively with the internal Data Protection Officer (DPO), CISO, IT, legal, HR, and other departments to ensure a cohesive and aligned approach to information security and data protection.
  • Advise on security best practices and integrate security into business and IT operational processes.


Requirements:

  • Bachelor's degree in Information Security, Computer Science, Information Technology, or a related field. A Master's degree is a plus.
  • Proven experience (typically 5+ years) in an information security management or operational role.
  • In-depth knowledge and hands-on experience with ISO 27001 (implementation, auditing, and maintenance of an ISMS).
  • Comprehensive knowledge of GDPR and data protection principles, particularly from a technical and organizational security measures standpoint.
  • Demonstrable experience in developing, implementing, and enforcing information security policies, standards, and procedures.
  • Experience with risk management methodologies and conducting security risk assessments.
  • Experience in managing security incidents and executing incident response plans.
  • Experience with securing and managing Apple devices (macOS, iOS) in an enterprise environment is a plus.
  • Understanding of the NIS2 Directive and its operational implications for organizations is a plus.

What we offer

  • A hybrid working model.
  • Competitive salary based on experience and qualifications.
  • Brand new offices.
  • Private parking.
  • Private Health insurance.
  • Wellness allowance up to €600 per year.
  • Employee assistance program with Richmond Foundation.
  • Birthday wishes with something special.
  • Office lunches and daily nibbles such as fresh fruit and healthy snacks.
  • Meal allowance.
  • Lots of great company discounts.

"By submitting your application, you understand that your personal data will be processed as set out in our Privacy Policy, which can be accessed by clicking here. Where you have not granted consent to retain your data in our talent pool, we will, in cases where the recruitment process did not lead to employment with Play North, retain your personal data for a period not exceeding six months in order to, among other things, enable us to manage potential disputes or store data about your talents for near future opportunities. Once this retention period has elapsed, your data will be deleted. You have a right to object to this additional 6-month period of processing by explaining the reasons why we should not process your personal data to our Data Protection Officer at DPO@playnorth.com."