Developing and Implementing Security Policies:
Formulate, implement, and manage comprehensive information security policies and procedures.
Ensure compliance with relevant industry standards and regulations.
Identify and assess potential security risks and vulnerabilities.
Develop strategies to mitigate and manage security risks.
Incident Response and Management:
Establish and manage an incident response plan to address security incidents promptly and effectively.
Investigate security breaches and provide detailed reports on the impact and root causes.
Security Awareness and Training:
Conduct security awareness programs to educate employees on information security best practices.
Provide training to staff on handling sensitive data and recognizing potential security threats.
Design and implement a secure information systems architecture.
Work with IT teams to integrate security measures into the overall system design.
Security Audits and Compliance:
Conduct regular security audits to assess the effectiveness of security measures.
Ensure compliance with relevant laws, regulations, and industry standards.
Evaluate and manage security aspects of third-party vendors and service providers.
Ensure that external partners meet the organization's security standards.
Evaluate, implement, and manage security technologies such as firewalls, antivirus software, encryption, and intrusion detection/prevention systems.
Prepare and present regular reports on the organization's security posture to executive management and relevant stakeholders.
Bachelor's or master's degree in information security, computer science, or a related field.
Relevant certifications such as Certified ISO 27001:2022 Lead Auditor or Lead Implementer.
Several years of experience in information security roles, with a track record of progressively increasing responsibility.
Strong communication and interpersonal skills to effectively convey complex security concepts to both technical and non-technical stakeholders.