Senior Information Security Specialist
Company: BALFIN Group
Location: Tirana, Albania
Deadline: 1 Oct 2025

BALFIN Group is one of the leading investment groups in the Western Balkans region, embodying international standards with local expertise. Founded in 1993 in Vienna by Samir Mane, the Group today has a presence in 11 countries: Austria, Albania, Kosovo, Bosnia and Herzegovina, North Macedonia, Montenegro, Switzerland, Croatia, the Netherlands, USA, and Canada. BALFIN, a diversified group active in real estate, wholesale and retail, banking, asset management, tourism, education, and logistics, employs approximately 5,500 people.

Department: IT Department

Overview

The Senior Information Security Specialist leads, implements, and oversees the organization’s information security strategy. This role combines technical expertise, risk management, and cross-functional collaboration to ensure our information assets, infrastructure, and systems remain secure, resilient, and compliant with regulatory requirements.

Main Responsibilities:


Information Security Governance

       Support the implementation and continuous improvement of the Information Security Governance Framework across the group.

       Assist in the development, review, and enforcement of security policies, standards, and procedures aligned with ISO/IEC 27001, GDPR, and other relevant regulations.

       Provide guidance to business units to ensure compliance with internal policies and external requirements.

       Contribute to the preparation of security metrics, dashboards, and reports on the organization’s information security posture.

       Support activities related to Business Continuity and Disaster Recovery, including plan maintenance, testing, and documentation.

Risk Management

       Participate in the identification, assessment, and treatment of information security risks across business processes, IT systems, and third parties.

       Maintain and update the Information Security Risk Register, ensuring risks are tracked and managed effectively.

       Support the execution of risk treatment plans, monitor the effectiveness of controls, and report on remediation progress.

       Provide input during vendor assessments and due diligence activities to ensure third-party risks are managed.

Security Operations

       Monitor security events and alerts using SIEM tools and escalate issues as appropriate.

       Assist in the planning and execution of vulnerability assessments, penetration tests, and security audits.

       Coordinate with IT and business teams for timely remediation of identified vulnerabilities and weaknesses.

       Support incident response activities, including investigation, containment, eradication, recovery, and lessons learned.

       Maintain accurate incident documentation and contribute to the improvement of incident response playbooks.

Awareness & Training

       Promote a strong culture of information security awareness across the group.

       Deliver or support security training sessions, phishing simulations, and awareness campaigns.

       Act as a subject matter advisor to business functions regarding secure practices and regulatory obligations.

Projects & Advisory

       Provide security requirements and support for IT and business projects to ensure security by design.

       Collaborate with project teams to assess risks of new technologies, services, or vendors.

       Advise on the integration of security controls into business processes and applications.

 

Requirements

Competencies and Skills

      Bachelor’s degree in Information Security, Computer Science, IT, or related field.

      Minimum 2 years of experience in Information Security, IT Risk, or related fields.

      Solid understanding of ISO/IEC 27001, GDPR, and general information security governance frameworks.

      Experience with security tools such as SIEM, DLP, vulnerability scanners.

      Experience supporting or participating in audits, risk assessments, and compliance activities.

      Strong communication skills and ability to work cross-functionally with IT and business teams.

      Relevant certifications preferred (e.g., CISSP, CISM, ISO 27001 Lead Implementer/Auditor, CEH, CCSP).

      Analytical mindset with the ability to balance technical details with business priorities.

 

Benefits

What We Offer

      An attractive benefit package, including fair remuneration based on merit and performance evaluation.

      An exceptional opportunity to develop your skills and grow within BALFIN Group.

      Extra Leave days

      Recognition Rewards

      Flexible working hours

Application Procedure: To apply for this position, please submit a CV by October 1st, 2025.

All applications will be treated with strict confidentiality according to the law No. 9887 set by the Albanian Parliament for the “Protection of Personal Data”. Only the selected candidates will be notified.

