Description
Job Type: Fully remote. Occasional travel to build relationships with the team.
Hours: Full-Time.
Base Salary: €4-6k per month, B2B contract
Location: Anywhere within Europe or the UK.
Organisation: Physitrack
About Physitrack (and Champion Health)
At Physitrack, our mission is to elevate the world's wellbeing. We’re a global digital healthcare provider with team members on four continents, customers in 17 time zones, and millions of end users in 187 countries. We have two products: Physitrack, a SaaS B2B platform used by physiotherapists and their patients, and Champion Health, a wellbeing platform.
About The Role
We are looking for an experienced, enthusiastic Information Security Manager who brings a proven toolkit of best-practice ISM resources and experience to design, plan, implement, and enforce policies and procedures to protect Physitrack’s computing infrastructure, network, and data from all forms of security breaches. You will be responsible for overseeing information security, cybersecurity, and IT risk management programs based on industry-accepted information security and risk management frameworks.
To be successful as an Information Security Manager, you should have excellent analytical skills, in-depth knowledge of best practices, and prior experience with external or internal IT audits. Top candidates will also be excellent communicators who can work with little supervision.
Experience with ISO 27001, ISO 27018, and GDPR is required. Knowledge of medical standards like HIPAA is nice to have.
Responsibilities
- Coordination of the continuous development, implementation, and updating of security processes, policies, standards, guidelines, and baselines.
- Take ownership of the audits and facilitate management response and remediation efforts.
- Keeping up to date with developments in IT security standards and threats.
- Collaborating with management and the IT Engineering department to improve security.
- Documenting any security breaches and assessing their damage.
- Acting as the Data Protection Officer, collaborating closely with the Legal team to ensure compliance with data protection regulations and best practices.
- Develop and manage the frameworks, processes, tools, and consultancy necessary for IT to properly manage risk and make risk-based decisions related to IT activities.
- Proactive identification and mitigation of IT risks as well as responding to observations identified by third-party auditors or examiners while assisting in developing periodic reports and dashboards presenting controls compliance level and current IT risk posture.
- Educating colleagues about security software and best practices for information security and coordinating company-wide infosec training efforts.
A Selection Of Typical Tasks (not Exhaustive)
- Working closely with the Sales team, helping answer customers’ information security queries as needed, including RFPs
- Run both internal and external audits
- Run the security onboarding and offboarding process, including infosec training coordination using dedicated tools
- Review and update security documentation
- Raise non-conformities as needed, schedule for resolution
Requirements
Experience in an information security role.
Knowledge of relevant legislation (mainly GDPR)
Standards (ISO 27001 & ISO 27018)
Ability to educate a nontechnical audience about various safety measures.
Effective verbal & written communication skills.
Fluent English & Polish
Nice To Have
Professional information security certification
General cloud computing & web applications knowledge
Project management & change management skills
How To Apply
Interested candidates should submit their CV. Physitrack is an equal opportunity employer that values diversity. Employment decisions are made based on qualifications, merit & business need.