Information Security Officer (ISO)

About the Role

We are seeking an experienced and proactive Information Security Officer (ISO) to take ownership of our information security framework and lead our compliance with the Digital Operational Resilience Act (DORA). 

This role will give you the opportunity to build and shape the Bank’s security function from the ground up. We’re looking for someone who’s hands-on, practical, and ready to take that lead. As a small bank, we offer the chance to make a real impact, work closely with decision-makers, and bring security to the heart of everything we do.

Key Responsibilities

As an Information Security Officer, your daily activities will include: 

  • Working with other functions to support the Bank’s compliance with DORA requirements: ICT risk management, incident reporting, resilience testing, third-party ICT service provider oversight, and other relevant provisions.
  • Ensuring adherence to other relevant laws/regulations (MFSA, EU law, GDPR, etc.) and international standards.
  • Liaising with regulatory bodies, internal audit, and external auditors regarding security and operational resilience.
  • Developing, maintaining and updating the Bank’s Information Security Framework (ISF), including policies, standards, procedures, guidelines and controls.
  • Identifying vulnerabilities and threats, assessing likelihood and impact, and recommending and tracking mitigation plans.
  • Participating in business initiatives to ensure security is embedded in projects (secure by design).
  • Establishing, testing, and maintaining an incident response plan aligned with DORA’s requirements.
  • Ensuring timely detection, reporting (internally and to regulators where required), containment, remediation, and lessons learned from security incidents.
  • Leading the yearly DOR testing programme.
  • Evaluating the security posture of ICT service providers / vendors, ensuring contractual and operational controls are aligned with DORA and internal policies.
  • Maintaining and reviewing outsourcing / vendor registers, conducting due diligence, and periodic audits / assessments of third parties.
  • Monitoring security incidents, system logs, vulnerabilities, threats, and emerging risks.
  • Producing regular reports for senior management, risk committees, and the Board on information security posture, compliance status, incident metrics, risk treatment plans, etc.

Skills and Capabilities Required

  • 3+ years of experience in information security or ICT risk, ideally in financial services or regulated environments.
  • Familiarity with DORA, MFSA requirements, and other relevant regulations (e.g. GDPR).
  • Working knowledge of ISO 27001, NIST, or other security frameworks.
  • Strong understanding of ICT environments, especially in cloud-based or outsourced setups.
  • Hands-on, proactive approach — comfortable being both strategic and operational.
  • Excellent communication and stakeholder engagement skills.
  • Relevant certifications (e.g. CISSP, CISM, ISO 27001) are an asset, but not essential.

Why Join Izola Bank?

  • Shape a function with real influence and visibility.
  • Work in a collaborative, supportive environment.
  • Enjoy a role with broad scope and autonomy.

Benefits 

This opportunity comes with attractive remuneration and wellbeing incentives, and offers prospects for personal development.

Our employees’ health and wellbeing are important to us. To support this, we offer private health insurance, as well as life and personal accident insurance. In addition, we offer an interest subsidy on home loans or a rental subsidy, a fitness allowance and free parking.  

We recognise our employees’ potential and invest in their growth by providing training and development opportunities both internally and with external providers. Our employees can also benefit from remote working arrangements, which support a better work/life balance and help us create a greener environment by saving on commuting and vehicle costs.

  • Job reference
    5920/25
  • Country
    Malta
  • Closing date
    2025-12-31
  • Primary job focus
    Legal, Regulatory & Audit
  • Job type
    Full Time
  • Status
    Searching
