Information Security Officer – Banking Sector

ThreatScene is redefining cybersecurity by delivering advanced solutions to safeguard public bodies, enterprises, the defence sector, maritime, and critical infrastructure. We empower organisations to navigate the cyber landscape confidently, ensuring resilience against evolving threats. At ThreatScene, we're building a secure, compliant, and resilient digital ecosystem. 

We are seeking an Information Security Officer to support Cyber Security Governance, Risk Management, and Compliance (GRC) activities for a customer in the banking sector.

Responsibilities

· Develop, implement, review, and maintain ISMS policies and procedures aligned with banking requirements and industry standards.

· Support the identification, assessment, and management of cybersecurity risks across systems and business processes.

· Manage Third-Party Risk Management (TPRM) activities, including vendor due diligence and ongoing monitoring.

· Coordinate with system owners to track vulnerability assessment and penetration testing findings and ensure timely remediation.

· Support information security audits by preparing documentation, collecting evidence, coordinating audit activities, and following up on remediation actions.

· Assess AI systems and third-party solutions for information security, data protection, governance, and regulatory compliance risks.

· Monitor emerging cybersecurity threats and regulatory developments relevant to the banking sector.

· Support information security incident management activities, including reporting, documentation, and post-incident reviews.

· Provide information security guidance and support to internal stakeholders.

· Ensure the confidentiality and integrity of sensitive security and regulatory information.

Qualifications

· Bachelor’s degree in Information Security, IT, Computer Science, or a related field.

· Minimum of three (3) years of experience in Information Security GRC, preferably within the banking or financial services sector.

· Good knowledge of information security standards, frameworks, and regulations such as ISO 27001, NIS2, DORA, and GDPR.

· Experience with Third-Party Risk Management, audits, or certification processes will be considered an advantage.

· Experience using AI tools to support security, risk, or compliance activities while adhering to internal controls and regulatory requirements.

· Strong communication and collaboration skills across IT, business, and control functions.

· Good writing skills, attention to detail, and ability to maintain accurate documentation and evidence.

· High level of integrity, professionalism, and ethical conduct.