Company overview
BALFIN Group is one of the most successful investment groups in the Western Balkans. Established in 1993, the Group today operates across Austria, Albania, Kosovo, Bosnia and Herzegovina, Croatia, North Macedonia, Switzerland, Montenegro, the Netherlands, Canada, and the United States of America.
Its diversified portfolio spans multiple sectors, including banking, real estate development, wholesale and retail, asset management, tourism, logistics, education, and entertainment.
With a workforce of approximately 5,500 professionals, BALFIN Group continues to grow steadily, guided by strong business ethics, financial stability, innovation, and a long-term commitment to community impact through Mane Foundation.
Happy Pay Sha is BALFIN Group’s fintech platform, offering regulated digital financial services in Albania. Established in 2020, Happy has evolved beyond loyalty programs to offer integrated electronic payment processing, digital wallet services, Buy Now Pay Later (BNPL) credit solutions, and the issuance of electronic money. Serving both individuals and businesses, its mobile app and integrated POS/kiosk systems support secure and flexible payment solutions, creating a full digital transaction ecosystem. Licensed under Albanian financial regulations, Happy Pay will uphold high standards of security, compliance, and user experience and lead Albania’s digital finance transformation with innovation and smart commerce solutions.
Position: Information Security Officer (ISO)
Reports to: CEO/RISK Department
Supervises: N/A
Company: Happy Pay sha
Overview:
The Information Security Officer is responsible for establishing, implementing, maintaining, and continuously improving the information security framework of the company. The role ensures the confidentiality, integrity, and availability of information assets, systems, applications, and customer data while supporting compliance with regulatory requirements, cybersecurity standards, and internal policies.
The Information Security Officer acts as the second line of defense, providing independent oversight of information security risks, cybersecurity controls, ICT security measures, and security governance across the institution.
Key Responsibilities
- Develop, implement, maintain, and continuously improve the Information Security Framework, policies, procedures, standards, and supporting documentation.
- Ensure information security practices are aligned with the institution’s business objectives, risk appetite, strategic plans, and regulatory requirements.
- Define and maintain the company’s Information Security Strategy and roadmap.
- Promote a security-aware culture across the organization.
- Provide periodic reporting on information security risks, cybersecurity posture, incidents, and key security initiatives to Senior Management, relevant Committees, and the Board.
- Identify, assess, monitor, and report information security and cyber risks.
- Maintain the Information Security Risk Register and monitor mitigation plans.
- Perform periodic security risk assessments of systems, applications, infrastructure, business processes, projects, and third-party providers.
- Monitor emerging cyber threats, vulnerabilities, and industry trends that may impact the institution.
- Evaluate and recommend appropriate security controls and countermeasures.
- Oversee the implementation and effectiveness of cybersecurity controls across the institution.
- Review and monitor identity and access management controls, privileged access rights, segregation of duties, and user permissions.
- Monitor security logs, security events, and security monitoring mechanisms to identify potential threats and incidents.
- Take care of user rights (privileges), the procedures for assigning privileges and “conflict of interest”, as well as whether these are assigned or revoked timely and correctly.
- Ensure appropriate security measures are implemented and maintained for networks, endpoints, cloud environments, applications, databases, and digital channels.
- Coordinate vulnerability assessments, penetration testing, security reviews, and remediation activities.
- Monitor and verify timely closure of identified vulnerabilities and security weaknesses.
- Develop, maintain, and periodically test the Cyber Security Incident Response Plan and related procedures.
- Participate in management, investigation, and resolution of information security incidents.
- Ensure security incidents are properly documented, analyzed, escalated, and reported.
- Monitor corrective actions and lessons learned following incidents.
- Support cyber incident reporting obligations to the Bank of Albania and other competent authorities.
- Support and oversee information security aspects of Business Continuity Management (BCM), Disaster Recovery (DR), backup and recovery processes, including periodic testing and continuity exercises.
- Assess and monitor information security risks related to vendors, service providers, outsourcing arrangements, and other third parties, ensuring compliance with contractual, regulatory, and security requirements.
- Participate in security assessments of new products, services, projects, technologies, and ICT changes, ensuring the application of security-by-design and privacy-by-design principles throughout the lifecycle.
- Develop and coordinate information security awareness and training programs, promoting best practices related to cybersecurity, data protection, phishing, social engineering, and other emerging security risks.
- Ensure compliance with applicable ICT, cybersecurity, information security, operational resilience, and data protection regulations, while maintaining alignment with relevant regulatory requirements and industry-recognized security frameworks and standards.
- Ensure that all IT and information security programs are in compliance with applicable laws, regulations, and policies.
- Monitor compliance with Data Protection Laws and Regulations and take part in the team established for this purpose.
Job Requirements
- Master’s degree in Information Technology, Computer Science, Cybersecurity, Information Systems, or a related field.
- At least 3 years of solid experience working in IT / IT Audit and/or Information Security.
- A professional profile that fits a strong organizer and influencer.
- High proficiency in the English language.
- Excellent knowledge of the IP protocol and network security technologies.
- Strong adaptability and curiosity about new technological practices or new solutions.
- A driven and structured personality with an analytical mind.
- Excellent relationship management and networking skills.
- Sensitive to organizational needs and interests to a high degree.
- Professional certification is preferred (such as CISSP, CISM, CISA or other information security credentials).
- Knowledge of information security and control frameworks such as ISO 27001, ISO 27002, ISO 27005, COBIT, COSO and ITIL.
What We Offer
- An attractive benefit package, including fair remuneration based on merit and performance evaluation.
- An exceptional opportunity to develop your skills and grow within BALFIN Group.
- Extra leave days
- Dynamic and collaborative work environment
Application Procedure: To apply for this position, please submit a CV to i.shima@happy.al by 10th July 2026.
*Your personal data (in your capacity as a job candidate) will be processed in accordance with Law no. 124/2024, dated 19/12/2024 “On the Protection of Personal Data,” as well as the Internal Regulation on the Protection of Personal Data (approved by Happy Pay Sha). This applies to the confidentiality and security of personal data. Only selected applicants will be notified about the next stages.
The processed data is accessed solely by HAPPY Pay Sha as the employer, specifically by the Human Resources Department.
The data of unsuccessful candidates will be retained for a maximum period of 1 year from the announcement of the successful candidate, for the purpose of contacting them in case of similar job openings matching the applicant’s profile. After 1 year, the data will be irreversibly deleted.