Senior Information Security Officer at IC Markets
Join our dynamic team at IC Markets as a Senior Information Security Officer and help shape the future of FinTech innovation. This full-time, on-site opportunity based in Limassol offers you the chance to make a real impact in a fast-paced and forward-thinking environment. Apply now and take the next step in your career with us!
Who We Are:
IC Markets, a global leader in trading with over 15 years of success, a strong international presence, and a team of skilled professionals, remains at the forefront of financial technology innovation. As an agile company that values growth and collaboration, we offer an exciting opportunity to be part of a dynamic industry where innovation meets excellence.
What You’ll Do:
We are looking for a Senior Information Security Officer (Governance, Risk & Compliance, GRC) to lead and mature our security GRC function in a fast-moving online trading/fintech environment.
You will act as the ISMS owner and GRC lead, aligning our security strategy with business objectives and regulatory requirements, and ensuring our controls are practical, measurable, and auditable. This is a hands-on role: part programme leader, part advisor, part “evidence factory” owner. You’ll work closely with IT, Engineering, Legal/Compliance, Operations, and senior management.
Key Responsibilities
Governance & Frameworks
- Own and continuously improve the Information Security Management System (ISMS) in line with ISO 27001 and other relevant frameworks (NIST CSF, SOC 2, SCA).
- Manage the full policy and standard lifecycle:
- Draft, review, and update security policies, standards, and guidelines.
- Coordinate approvals with stakeholders and senior management.
- Ensure policies are communicated, acknowledged, and enforced through processes and technical controls.
- Maintain a security control framework mapped to regulations and standards (e.g., GDPR, DORA/MiCA or sector-specific rules, where applicable).
Risk Management
- Own the security risk register:
- Ensure risks have clear owners, impact/likelihood ratings, treatment plans, and due dates.
- Track mitigation progress and residual risk.
- Run structured risk assessments for:
- New systems, products, and major change initiatives.
- New vendors and key third parties (coordinated with Procurement, Legal, Compliance).
- Periodic refresh of key risks at least annually, including scenario-based analysis relevant to trading and financial operations.
- Integrate security risks into the enterprise risk management process and support board-level/security committee reporting.
Compliance, Certification & Audit
- Lead the operational side of security frameworks: gap assessments, remediation plans, internal audits, and external audits.
- Coordinate internal audits, external auditor reviews, and regulatory inspections relevant to information security and IT risk.
- Maintain an “evidence factory”:
- Standardised repositories for logs, screenshots, configurations, reports, and tickets used as control evidence.
- Version-controlled procedures and records for key controls (access reviews, backup tests, incident drills, change approvals, etc.).
- Track all audit findings, non-conformities, and recommendations to closure, with assigned owners, due dates, and periodic status reporting to management.
Third-Party & Vendor Risk Management (TPRM)
- Design and operate a formal Third-Party Risk Management process:
- Define vendor tiers based on data sensitivity, service criticality, and regulatory impact.
- Run due diligence using security questionnaires, SOC 2 / ISO 27001 certificates, penetration test reports, and contractual clauses.
- Recommend and negotiate risk-based conditions before onboarding high-risk vendors.
- Maintain an up-to-date vendor inventory with risk ratings, review cadence, and security commitments, and coordinate periodic reassessments.
Security Awareness & Culture
- Own the security awareness programme:
- Design and run phishing simulations and campaigns.
- Provide targeted, role-based training for the organisation’s departments.
- Develop short micro-learning content on key risks (phishing, data handling, passwords, safe use of SaaS, secure remote work).
- Promote a “security is everyone’s job” culture.
- Organise and facilitate tabletop exercises involving technology and business leadership.
Business Continuity, Incident & Crisis Management
- Ensure BCP/DR plans explicitly cover cyber scenarios (ransomware, platform unavailability, data corruption, vendor outages) and are aligned with regulatory expectations.
- Plan and coordinate BCP/DR tests, document results, and drive remediation of gaps.
- Act as a key member of the incident response and crisis team:
- Support triage, documentation, and evidence collection.
- Manage or support communications to internal stakeholders, customers, partners, and regulators.
- Contribute to post-incident reviews and ensure lessons learned are fed back into controls, policies, and training.
Security Metrics, Dashboards & Programme Management
- Develop and maintain security dashboards for senior management and the board, including:
- Risk register status and key risk indicators.
- Incident trends and response performance.
- Audit and certification status.
- Training and phishing metrics.
- Vulnerability and patch KPIs; control health indicators.
- Maintain a multi-quarter security roadmap covering governance, tooling, process, and culture initiatives; track milestones, owners, and dependencies.
- Provide clear, concise written reports and presentations to management, risk committees, and, where needed, external stakeholders or regulators.
Qualifications:
- Strong knowledge of ISO 27001, and familiarity with NIST CSF, SOC 2, PCI-DSS, and GDPR; knowledge of DORA/MiCA or other regional financial regulations is a plus.
- Excellent risk analysis and problem-solving skills, with the ability to balance control rigour with business pragmatism.
- Exceptional communication skills – able to translate technical issues into clear business language and influence senior stakeholders.
- Strong organisation and programme management capabilities: comfortable managing multiple audits, projects, and stakeholders concurrently.
Education & Certifications
- Degree in Computer Science, Information Security, Engineering, or a related field (or equivalent practical experience).
- One or more relevant certifications preferred, such as CISSP, CISM, ISO 27001 Lead Implementer/Lead Auditor, CISA, CCSP or cloud security certifications (e.g., AWS Security).
Personal Attributes
- High sense of ownership and accountability; proactive and hands-on.
- Able to lead through influence, building strong relationships across technology, risk, and business teams.
- Comfortable working in a fast-paced, high-growth, international environment with competing priorities.
Working Schedule:
- Hybrid Model: 3 days from the Office, 2 days from home
- Hours: Monday to Friday, 09:00 – 17:00
Why Join Us? Experience Rewards Beyond Just a Job! Because You Matter.
- Competitive Pay: Our compensation reflects the skills and experience you bring to the table.
- Career Growth: We support your development with ongoing learning and clear paths to advancement.
- Work-Life Balance: 22 days of annual leave to prioritize your personal life.
- Wellness & Healthcare: 12 paid sick days and full medical insurance coverage after 6 months.
- Future Security: Access our provident fund after 6 months.
- Snack Hub: Fully stocked kitchen with fresh fruit, snacks, and beverages.
- Lunch on Us: Enjoy a delicious daily lunch buffet with teammates.
- Paid Overtime: We recognize and reward the time you put in.
- Learning & Development: Dedicated budgets support your upskilling and curiosity.
- Referral Bonus: Get rewarded for growing our community with great talent.
- Team Spirit: Join a team that celebrates together through events and team-building activities.
- Fitness & Recreation: Access to gym facilities, organized sports, and relaxing spa treatments.
- Unwind Fridays: Enjoy a relaxed Friday drink with colleagues to close the week on a high note.
Our culture is built on empathy, respect, and trust, because at the heart of everything we do is you.
Your next big opportunity starts here!
- Apply now at icmarkets.bamboohr.com/careers and let’s build something incredible together!
- Thank you for your interest in joining IC Markets. Due to the high volume of applications, only candidates under consideration will be contacted. All applications are handled with the strictest confidentiality.