Sodexo
Information Security Compliance Officer
Sodexo · Portugal · 20 hours ago
Full-time · Remote Friendly · Information Technology, Engineering

In 1966, in Marseilles, while the world was talking about Star Trek 🚀, Sodexo was serving its first customers, launching our journey in Quality-of-Life Services, led by the visionary Pierre Bellon.

Since then, we have continued to grow, providing essential everyday solutions and improving the lives of millions of users worldwide. Supported by 400,000 dedicated colleagues in 64 countries, we keep expanding and innovating.


About Sodexo Business Services (SBS)


Portugal is no exception! Seven years ago, we established Sodexo Business Services (SBS), our shared service center. Here, you will have the opportunity to join various Financial teams such as Record to Report, Order to Cash, Purchase to Pay, Financial Analysis, and Master Data, supporting European markets and ensuring business growth.


Join Us!

We are looking for talented professionals to be part of our team, bringing unique skills and perspectives to help us grow even further.


Information Security Compliance Officer


We are looking for a proactive and detail-oriented Information Security professional to join our team and play a key role in strengthening Sodexo’s security and compliance landscape. In this role, you will contribute to the continuous improvement of our Information Security Management System (ISMS) to enhance ISO 27001 compliance, support our journey toward regulatory alignment (including NIS2, AI Act, PCI-DSS, and other applicable frameworks), and ensure robust security governance across projects and supplier relationships. You will also conduct third-party security assurance assessments, perform project risk evaluations, and collaborate closely with Legal teams to ensure appropriate Information Security clauses are embedded in contracts.


What will you do?

1. Information Security Compliance Programme

  • Build and manage an annual consolidated Information Security Compliance Programme, providing Business and IT with visibility of internal and external Audit & Assurance activities to support effective demand and resource planning.
  • Deliver clear and impactful Security Compliance reporting to inform Risk & Issue updates to the CISO, IT, and Senior Business Leadership.


2. Government Accreditation & European Regulations

  • Manage, maintain, and deliver IT Risk Management activities across Sodexo’s systems and applications.
  • Create and maintain Risk Management Accreditation Document Sets (RMADS).
  • Demonstrate effective use of DART and alternative risk management methodologies.
  • Coordinate NIS2 Information Security compliance activities across multiple regions.


3. ISO 27001 & ISMS Management

  • Ensure the ISMS is managed and maintained in alignment with the Statement of Applicability and ISO 27001/27002 frameworks.
  • Define ISMS requirements and develop, document, and implement security policies.
  • Manage and maintain the ISMS documentation set.
  • Conduct regular audits across locations within the ISMS scope.
  • Develop and execute plans to scale ISO 27001 practices to broaden scope and improve overall security maturity.
  • Identify opportunities to consolidate ISMS frameworks where practical and beneficial.


4. Regulatory Compliance (NIS2, AI Act, PCI-DSS, CE+)

  • Coordinate, implement, and monitor compliance activities related to applicable regulations (e.g., NIS2, AI Act, PCI-DSS) across a complex, multi-tiered payments and infrastructure environment.
  • Perform and/or coordinate targeted CE+ compliance monitoring across relevant business segments and infrastructure.
  • Collaborate with internal and external stakeholders to achieve CE+ certifications and recertifications.


5. Information Security Third-Party Assurance

  • Manage and enhance questionnaires within the Third-Party Risk Management platform used by internal and external stakeholders.
  • Conduct risk-based information security due diligence on vendors to provide appropriate assurance levels to key stakeholders.
  • Continuously improve Third-Party Assurance processes and engagement across IS&T, transversal functions, and the wider business.


What you'll need to succeed:

  • Expert knowledge and practical experience of ISO27001 certification requirements and ISMS documentation
  • Experience of leading and performing internal or external IT audits
  • Experience of dealing with third party supplier audits
  • Experience of negotiating with stakeholders in designing relevant action plans
  • Experience of comprehensive IT internal audit program design and development
  • General knowledge of IT environments and technologies
  • General knowledge of Security Architecture or Enterprise Architecture
  • Desirable Certifications: CISA, CRISC, QSA, ISO27001 LI, ISO27001 LA.
  • Ability to communicate effectively in English, both in writing and verbally
  • Analytical and problem-solving capabilities
  • Rigorous and organised


What we have to offer you?

  • Hybrid working model;
  • Flexible working hours;
  • Health & Life Insurance;
  • Meal allowance paid in Meal Card;
  • Additional Days off: extra vacation day, employee’s birthday, volunteering day;
  • More than 6000 free online courses;
  • Opportunity to grow professionally inside the Company;
  • Possibility to participate in multicultural projects;
  • Several internal activities aiming to promote our team's wellbeing.


📩 Apply now! Send your CV to [email protected] with the job title in the subject line. Explore all our career opportunities here: Sodexo Careers.

Learn more about Sodexo: YouTube - Sodexo.


Diversity & Inclusion Statement

Sodexo is committed to creating a diverse and inclusive work environment and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment based on merit.


🔒 Data Privacy:

We respect your privacy. Your personal data will be used exclusively for recruitment purposes, processed under GDPR regulations, and treated confidentially. For further details, contact [email protected].
