No. of Positions:
01
Terms of Employment:
The duration of the assignment is 1 (one) year from the commencement of work. The contract may be extended after a performance analysis at the end of the term.
Remuneration:
Based on qualifications and experience.
Scope of Work
The Information Security & Compliance Officer is responsible for establishing, implementing, and maintaining information security policies, standards, and compliance frameworks across the organization. The role ensures that digital platforms, infrastructure, and processes adhere to regulatory requirements, industry best practices, and organizational risk management strategies.
Key Responsibilities
ISO/IEC 27001 Implementation Management:
Lead and manage the full implementation of ISO/IEC 27001 within the organization.
Coordinate with international consultants to define the roadmap, track progress, and resolve risks or delays.
Provide regular progress updates to senior management.
Policy, Procedure & Standards Development:
Develop and maintain information security policies, procedures, and standards (aligned with ISO 27001, GDPR, PCI-DSS, and local regulations).
Collaborate with internal departments to identify and classify information assets, and define appropriate controls.
Ensure all policies and procedures are documented, approved, and communicated across the organization.
Deliver staff training on ICT/security policies and relevant international standards.
Risk Assessment & Treatment:
Conduct ISMS risk assessments, asset classification, and risk treatment planning.
Coordinate with the corporate risk management function to maintain and update the organization’s risk register and treatment plan.
Monitor implementation of risk mitigation measures and ensure timely escalation of issues.
Awareness & Internal Engagement:
Plan and conduct security awareness campaigns and training programs.
Ensure all employees understand their responsibilities in safeguarding information assets.
Audit & Certification Readiness:
Organize and manage internal ISMS audits and pre-certification assessments.
Ensure documentation, records, and evidence are audit-ready.
Track and resolve non-conformities through corrective action plans.
Post-Certification Compliance & Improvement:
Maintain ongoing compliance with ISO/IEC 27001 post-certification.
Coordinate surveillance audits, periodic ISMS reviews, and documentation updates.
Drive continual improvement of the ISMS and the overall security posture.
Qualification & Experience:
Bachelor’s degree in Information Technology, Cybersecurity, Business Administration, or a related field.
Minimum 2–3 years of experience in ISO/IEC 27001 implementation or information security governance.
Familiarity with ISMS risk assessments, asset management, and control implementation.
ISO/IEC 27001 Lead Implementer or Lead Auditor certification (mandatory).
Experience working with external consultants or auditors is preferred.
Skills & Competencies:
Strong knowledge of ISO/IEC 27001 standards, Annex A controls, and the ISMS lifecycle.
Knowledge of information security risks, controls, and data protection best practices.
Excellent organizational, project management, and documentation skills.
Strong communication skills and the ability to engage with both technical and non-technical teams.
High integrity, confidentiality, and attention to detail.
Application Submission
Interested candidates are invited to submit their completed job application form together with an up-to-date CV to careers@tradenet.com.mv no later than 16:00 hrs on 06th September 2025.
Additional Documents for Shortlisted Candidates
Please be informed that applicants who are shortlisted will be contacted for an interview and will be required to provide the following documents via email to careers@tradenet.com.mv upon notification:
A recent passport-size photograph (digital copy)
A scanned copy of the National ID card
Scanned copies of educational certificates
Employment reference letters from previous employers
Valid police report
Open
Tradenet-HR/J/2025/21
Published on 09/11/2025
Deadline 09/18/2025
Location: Head Office, Male'