Senior Information Security Officer

Join our dynamic team at IC Markets as a Senior Information Security Officer and help shape the future of FinTech innovation. This full-time, on-site opportunity based in Limassol offers you the chance to make a real impact in a fast-paced and forward-thinking environment. Apply now and take the next step in your career with us

Who We Are:

IC Markets, a global leader in trading with over 15 years of success, a strong international presence, and a team of skilled professionals, remains at the forefront of financial technology innovation. As an agile company that values growth and collaboration, we offer an exciting opportunity to be part of a dynamic industry where innovation meets excellence.

What You'll Do:

We are looking for a Senior Information Security Officer (Governance, Risk & Compliance) to lead and mature our security governance, risk management, and compliance (GRC) function in a fast-moving online trading/fintech environment. 

You will act as the ISMS owner and GRC lead, aligning our security strategy with business objectives and regulatory requirements, and ensuring our controls are practical, measurable, and auditable. This is a hands-on role: part programme leader, part advisor, part "evidence factory" owner. You'll work closely with IT, Engineering, Legal/Compliance, Operations, and senior management.

What We're Looking For:

Governance & Frameworks 

• Own and continuously improve the Information Security Management System (ISMS) in line with  ISO 27001 and other relevant frameworks (NIST CSF, SOC 2, SCA). 
• Manage the full policy and standard lifecycle: 

o Draft, review, and update security policies, standards and guidelines. 

o Coordinate approvals with stakeholders and senior management. 

o Ensure policies are communicated, acknowledged and enforced through processes and technical controls. 

• Maintain a security control framework mapped to regulations and standards (e.g. GDPR,  DORA/MiCA or sector-specific rules, where applicable). 

Risk Management 

• Own the security risk register: 

o Ensure risks have clear owners, impact/likelihood ratings, treatment plans and due  dates. 

o Track mitigation progress and residual risk. 

• Run structured risk assessments for: 

o New systems, products and major change initiatives. 

o New vendors and key third parties (coordinated with Procurement, Legal, Compliance). o Periodic refresh of key risks at least annually, including scenario-based analysis relevant  to trading and financial operations. 

• Integrate security risks into the enterprise risk management process and support board level/security committee reporting.  

Compliance, Certification & Audit 

• Lead the operational side of security frameworks: gap assessments, remediation plans, internal  audits and external audits. 
• Coordinate internal audits, external auditor reviews and regulatory inspections relevant to  information security and IT risk. 
• Maintain an "evidence factory":

o Standardised repositories for logs, screenshots, configurations, reports and tickets used  as control evidence. 

o Version-controlled procedures and records for key controls (access reviews, backup  tests, incident drills, change approvals, etc.). 

• Track all audit findings, non-conformities and recommendations to closure, with assigned  owners, due dates and periodic status reporting to management.  

Third-Party & Vendor Risk Management (TPRM) 

• Design and operate a formal Third-Party Risk Management process: 

o Define vendor tiers based on data sensitivity, service criticality and regulatory impact. o Run due diligence using security questionnaires, SOC 2 / ISO 27001 certificates,  penetration test reports and contractual clauses. 

• Recommend and negotiate risk-based conditions before onboarding high-risk vendors.
  • Maintain an up-to-date vendor inventory with risk ratings, review cadence and security  commitments, and coordinate periodic reassessments. 

Security Awareness & Culture 

• Own the security awareness programme: 

o Design and run phishing simulations and campaings. 

o Provide targeted, role-based training for the organisation's departments.

o Develop short micro-learning content on key risks (phishing, data handling, passwords,  safe use of SaaS, secure remote work).  

• Promote a "security is everyone's job" culture. 
• Organise and facilitate tabletop exercises involving technology and business leadership. 

Business Continuity, Incident & Crisis Management 

• Ensure BCP/DR plans explicitly cover cyber scenarios (ransomware, platform unavailability, data  corruption, vendor outages) and are aligned with regulatory expectations.  
• Plan and coordinate BCP/DR tests, document results and drive remediation of gaps.
  • Act as a key member of the incident response and crisis team: 

o Support triage, documentation and evidence collection. 

o Manage or support communications to internal stakeholders, customers, partners and regulators. 

o Contribute to post-incident reviews and ensure lessons learned are fed back into  controls, policies and training. 

Security Metrics, Dashboards & Programme Management 

• Develop and maintain security dashboards for senior management and the board, including: o Risk register status and key risk indicators. 

o Incident trends and response performance. 

o Audit and certification status. 

o Training and phishing metrics. 

o Vulnerability and patch KPIs; control health indicators. 

• Maintain a multi-quarter security roadmap covering governance, tooling, process and culture  initiatives; track milestones, owners and dependencies.  
• Provide clear, concise written reports and presentations to management, risk committees and  where needed external stakeholders or regulators.

Qualifications:

• Strong knowledge of ISO 27001, and familiarity with NIST CSF, SOC 2, PCI-DSS and GDPR;  knowledge of DORA/MiCA or other regional financial regulations is a plus. 
  
• Excellent risk analysis and problem-solving skills, with the ability to balance control rigour with business pragmatism.  
• Exceptional communication skills – able to translate technical issues into clear business language and influence senior stakeholders.  
• Strong organisation and programme management capabilities: comfortable managing multiple audits, projects and stakeholders concurrently.  

Education & Certifications 

Degree in Computer Science, Information Security, Engineering, or a related field (or equivalent practical experience).  

One or more relevant certifications preferred, such as CISSP, CISM, ISO 27001 Lead Implementer/Lead Auditor, CISA, CCSP or cloud security certifications (e.g. AWS Security). 

Personal Attributes 

• High sense of ownership and accountability; proactive and hands-on.  
• Able to lead through influence, building strong relationships across technology, risk, and business teams. 
• Comfortable working in a fast-paced, high-growth, international environment with competing priorities.

Working Schedule:

Hybrid Model (3 days from the Office, 2 days from home)

Monday to Friday: 09:00 – 17:00

Why Join Us? Experience Rewards Beyond Just a Job Because You Matter.

• Competitive Pay – We value you, not just your role. Our compensation reflects the skills and experience you bring to the table.
• Career Growth – Your journey is important. We're here to support your development with ongoing learning and clear paths to advancement.
• Work-Life Balance – Time to rest is time to thrive. With 22 days of annual leave, your personal life is respected and prioritized.
• Wellness & Healthcare – Health comes first. Enjoy 12 paid sick days and full medical insurance coverage after 6 months—because your well-being is our priority.
• Future Security – We're invested in your tomorrow. Access our provident fund after 6 months for peace of mind down the road.
• Snack Hub – We care about your daily comfort. Our fully stocked kitchen keeps you energized with fresh fruit, snacks, and beverages.
• Lunch on Us – Nourishment and connection matter. Enjoy a delicious daily lunch buffet with teammates.
• Paid Overtime – Your extra effort doesn't go unnoticed. We recognize and reward the time you put in.
• Learning & Development – We believe in your potential. Dedicated budgets support your upskilling and curiosity.
• Referral Bonus – People matter here. Bring in great talent and get rewarded for growing our community.
• Team Spirit – Culture is everything. Join a team that celebrates together through events and team-building activities.
• Fitness & Recreation – Stay active and refreshed with access to gym facilities, organized sports, and relaxing spa treatments.
• Unwind Fridays – We're human too. Enjoy a relaxed Friday drink with colleagues to close the week on a high note.

Our culture is built on empathy, respect, and trust, because at the heart of everything we do is you.

Your next big opportunity starts here

• Apply now at and let's build something incredible together
• Thank you for your interest in joining IC Markets. Due to the high volume of applications, only candidates under consideration will be contacted. All applications are handled with the strictest confidentiality.