
Information Security Compliance Officer

  • Posted on: Mar 20, 2026
  • Sodexo
  • Matosinhos
  • Salary: Not Available
  • Full-time

Job Title: Information Security Compliance Officer
Job Type: Full-time
Job Location: Matosinhos, United States
Remote: No

Job Description:

In 1966, in Marseilles, while the world was talking about Star Trek, Sodexo was serving its first customers, launching our journey in Quality-of-Life Services, led by the visionary Pierre Bellon. Since then, we have continued to grow, providing essential everyday solutions and improving the lives of millions of users worldwide. Supported by 400,000 dedicated colleagues in 64 countries, we keep expanding and innovating.

About Sodexo Business Services (SBS)

Portugal is no exception! Seven years ago, we established Sodexo Business Services (SBS), our shared service center. Here, you will have the opportunity to join various Financial teams such as Record to Report, Order to Cash, Purchase to Pay, Financial Analysis, and Master Data, supporting European markets and ensuring business growth.

Join Us!

We are looking for talented professionals to be part of our team, bringing unique skills and perspectives to help us grow even further.

Information Security Compliance Officer

We are looking for a proactive and detail-oriented Information Security professional to join our team and play a key role in strengthening Sodexo’s security and compliance landscape. In this role, you will contribute to the continuous improvement of our Information Security Management System (ISMS) to enhance ISO 27001 compliance, support our journey toward regulatory alignment (including NIS2, AI Act, PCI-DSS, and other applicable frameworks), and ensure robust security governance across projects and supplier relationships. You will also conduct third-party security assurance assessments, perform project risk evaluations, and collaborate closely with Legal teams to ensure appropriate Information Security clauses are embedded in contracts.

What will you do?

1. Information Security Compliance Programme

  • Build and manage an annual consolidated Information Security Compliance Programme, providing Business and IT with visibility of internal and external Audit & Assurance activities to support effective demand and resource planning.
  • Deliver clear and impactful Security Compliance reporting to inform Risk & Issue updates to the CISO, IT, and Senior Business Leadership.

2. Government Accreditation & European Regulations

  • Manage, maintain, and deliver IT Risk Management activities across Sodexo’s systems and applications.
  • Create and maintain Risk Management Accreditation Document Sets (RMADS).
  • Demonstrate effective use of DART and alternative risk management methodologies.
  • Coordinate NIS2 Information Security compliance activities across multiple regions.

3. ISO 27001 & ISMS Management

  • Ensure the ISMS is managed and maintained in alignment with the Statement of Applicability and ISO 27001/27002 frameworks.
  • Define ISMS requirements and develop, document, and implement security policies.
  • Manage and maintain the ISMS documentation set.
  • Conduct regular audits across locations within the ISMS scope.
  • Develop and execute plans to scale ISO 27001 practices to broaden scope and improve overall security maturity.
  • Identify opportunities to consolidate ISMS frameworks where practical and beneficial.

4. Regulatory Compliance (NIS2, AI Act, PCI-DSS, CE+)

  • Coordinate, implement, and monitor compliance activities related to applicable regulations (e.g., NIS2, AI Act, PCI-DSS) across a complex, multi-tiered payments and infrastructure environment.
  • Perform and/or coordinate targeted CE+ compliance monitoring across relevant business segments and infrastructure.
  • Collaborate with internal and external stakeholders to achieve CE+ certifications and recertifications.

5. Information Security Third-Party Assurance

  • Manage and enhance questionnaires within the Third-Party Risk Management platform used by internal and external stakeholders.
  • Conduct risk-based information security due diligence on vendors to provide appropriate assurance levels to key stakeholders.
  • Continuously improve Third-Party Assurance processes and engagement across IS&T, transversal functions, and the wider business.

What you'll need to succeed?

  • Expert knowledge and practical experience of ISO27001 certification requirements and ISMS documentation
  • Experience of leading and performing internal or external IT audits
  • Experience of dealing with third party supplier audits
  • Experience of negotiating with stakeholders in designing relevant action plans
  • Experience of comprehensive IT internal audit program design and development
  • General knowledge of IT environments and technologies
  • General Knowledge of Security Architecture or Enterprise Architecture
  • Desirable Certifications: CISA, CRISC, QSA, ISO27001 LI, ISO27001 LA.
  • Ability to communicate effectively in English, both written and verbally
  • Analytical and problem-solving capabilities
  • Rigorous and organised

What we have to offer you?

  • Hybrid working model;
  • Flexible working hours;
  • Health & Life Insurance;
  • Meal allowance paid in Meal Card;
  • Additional Days off: extra vacation day, employee’s birthday, volunteering day;
  • More than 6000 free online courses;
  • Opportunity to grow professionally inside the Company;
  • Possibility to participate in multicultural projects;
  • Several internal activities aiming to promote our team's wellbeing.

Apply now! Send your CV to with the job title in the subject line. Explore all our career opportunities here: Sodexo Careers. Learn more about Sodexo: YouTube - Sodexo.

Diversity & Inclusion Statement

Sodexo is committed to creating a diverse and inclusive work environment and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment based on merit.

Data Privacy: We respect your privacy. Your personal data will be used exclusively for recruitment purposes, processed under GDPR regulations, and treated confidentially. For further details, contact .


Position Details

Posted: Mar 20, 2026
Reference Number: 25976_4376202060
Employment: Full-time
Salary: Not Available
City: Matosinhos
Job Origin: APPCAST_CPC
