Information Security Manager

Information Security Manager

• Job Type: Fully remote. Occasional travel to build relationships with the team.
• Hours: Full-Time.
• Base Salary: €4-6k per month, B2B contract
• Location: Anywhere within Europe or the UK.
• Organisation: Physitrack

About Physitrack (and Champion Health)

At Physitrack our Mission is to elevate the world's wellbeing. We’re a global digital healthcare provider with team members on four continents, customers in 17 time zones, and millions of end users in 187 countries. We have two products: Physitrack - a SaaS B2B platform used by physiotherapists and their patients, Champion Health that is a Wellbeing platform.

About the role

We are looking for an experienced, enthusiastic Information Security Manager who brings a proven toolkit of best-practice ISM resources and experience to design, plan, implement, and enforce policies and procedures to protect Physitrack’s computing infrastructure, network, and data from all forms of security breaches.

You will be responsible for overseeing information security, cybersecurity, and IT risk management programs based on industry-accepted information security and risk management frameworks.

To be successful as an Information Security Manager, you should have excellent analytical skills, in-depth knowledge of best practices, and prior experience with external or internal IT audits. Top candidates will also be excellent communicators who can work with little supervision.

Experience with ISO 27001, ISO 27018, and GDPR is required. Knowledge of medical standards like HIPAA is nice to have.

Responsibilities

• Coordination of the continuous development, implementation, and updating of security processes, policies, standards, guidelines, and baselines.
• Take ownership of the audits and facilitate management response and remediation efforts.
• Keeping up to date with developments in IT security standards and threats.
• Collaborating with management and the IT Engineering department to improve security.
• Documenting any security breaches and assessing their damage.
• Acting as the Data Protection Officer, collaborating closely with the Legal team to ensure compliance with data protection regulations and best practices.
• Develop and manage the frameworks, processes, tools, and consultancy necessary for IT to properly manage risk and to make risk-based decisions related to IT activities.
• Proactive identification and mitigation of IT risks as well as responding to observations identified by third-party auditors or examiners while assisting in the development of periodic reports and dashboards presenting the level of controls compliance and current IT risk posture.
• Educating colleagues about security software and best practices for information security and coordinating the company-wide infosec training efforts.

A selection of typical tasks (not exhaustive):

• Working closely with the Sales team, helping to answer customers’ information security queries as needed, including RFPs
• Run both internal and external audits
• Run security onboarding and off-boarding process including infosec training coordination with the use of dedicated tools
• Review and update security documentation 
• Raise non-conformities as needed, and schedule for resolution 

Requirements:

• Experience in the information security role.
• Knowledge of relevant legislation (mainly GDPR) and standards (ISO 27001 and ISO 27018)
• Ability to educate a non-technical audience about various security measures.
• Effective verbal and written communication skills.
• Fluent english and polish

Nice to have: 

• Professional information security certification.
• General cloud computing and web applications knowledge
• Project management and change management skills

How to Apply

Interested candidates should submit their CV. Physitrack is an equal opportunity employer and values diversity. Employment decisions are made based on qualifications, merit, and business need.