.Information Security OfficerApply for this position in Valencia, Spain. Full time. Posted 6 Days Ago. Job Requisition ID: JR100735.We are the Mimacom-Flowable Group. Our digital products enable businesses to achieve faster, simpler, and more impressive results in banking, retail, manufacturing, healthcare, and other sectors. Our software solutions reach 50 million users every day.Behind each of our products is a brilliant group of people who share the same values and work together to create innovative solutions for real problems. As part of the Information Security Team in the company, you will be the co-owner and driver of multiple security standards and frameworks, such as ISO27001, TISAX, ISAE3402, or SOC2 Type 2, and shape the IS strategy, projects, and processes.Join our team as Information Security Officer in Valencia and let's create something great together!What you'll be doing:- Develop and maintain a strategic, comprehensive, and pragmatic enterprise information security system compliant with ISO-27001 and ISO-9001.- Proactively improve the risk management system and business continuity management at group level and help the business units in their implementations.- Identification and management of security incidents together with IT, legal, and business departments, including not only short-term reactive and proactive measures but also strategic projects (incl. budget planning and responsibility).- Lead and enhance the security awareness program in the organization.- Support the business units in their inquiries, such as suppliers' security assessments and providing information on our security policies for customer requests or reviewing contracts and agreements from a security perspective.- Planning and realization of internal audits, as well as ensuring the smooth running of external audits to achieve certifications.Here is an overview of the topics you will have accomplished in the first year:After 3 months- You know the stakeholders in our organization and their role regarding information security (Legal, IT, HR, process owners, management, etc.)- You know the current implementation of ISO-27001 and 9001 in our organization and have an overview of their strengths and weaknesses.- You have a plan for improving the current Information Security system for achieving its excellence while at the same time making it easier to be followed by the different stakeholders.- You own and live the security incident process (and if there was any security incident, you coordinated its mitigation and resolution).After 6 months- You have a defined plan to improve the security awareness in the organization through different measures (improved policies, trainings, etc.)- You have already focused on an area to be improved (e.G. risk management, BCM or supplier management) and conducted the needed enhancements