IT Infrastructure (Security and Governance Manager)

SSC HR Solutions
Full-time
On-site

• Oversee and manage the organization's security and governance functions. This role involves ensuring the confidentiality, integrity, and availability of the organization's information assets and systems.

• Responsible for establishing and maintaining a comprehensive security program and implementing governance frameworks to mitigate risks and ensure compliance with relevant regulations and standards.

Job Responsibilities

• Develop and implement a comprehensive security program to protect the organization's information assets, systems, and networks.

• Assess security risks and vulnerabilities, and define security policies, standards, and procedures.

• Implement security controls and safeguards to mitigate risks and protect against threats.

• Monitor and evaluate the effectiveness of security measures and adjust as necessary.

• Establish governance frameworks and risk management processes to ensure compliance with laws, regulations, and industry standards.

• Conduct risk assessments to identify potential risks and vulnerabilities.

• Develop and implement controls and mitigation strategies to manage and minimize risks.

• Monitor and report on risk levels to senior management and relevant stakeholders.

• Stay updated on relevant laws, regulations, and industry standards related to data protection and information security.

• Ensure the organization's compliance with applicable regulations, such as GDPR, HIPAA, PCI DSS, or industry-specific requirements.

• Implement controls and processes to address compliance gaps and mitigate risks.

• Coordinate audits and assessments to demonstrate compliance to regulatory bodies.

• Develop and deliver security awareness and training programs to educate employees on security best practices, policies, and procedures.

• Foster a culture of security awareness and ensure employees understand their roles and responsibilities in safeguarding information assets.

• Conduct regular security training sessions and disseminate security-related communications.

• Develop and maintain an incident response plan to handle security incidents effectively.

• Establish processes for incident identification, containment, eradication, and recovery.

• Coordinate incident response activities, including communication, documentation, and reporting.

• Conduct digital forensics investigations to identify the root cause of security incidents and implement preventive measures.

• Assess and manage security risks associated with third-party vendors and service providers.

• Conduct due diligence on potential vendors, evaluate their security controls, and include appropriate security requirements in contracts.

• Monitor vendor performance and compliance with security requirements.

• Implement measures to mitigate third-party risks and ensure ongoing security.

• Define and track security metrics to measure the effectiveness of security controls and the overall security posture of the organization.

• Prepare and present regular reports on security-related metrics, incidents, and compliance status to senior management and relevant stakeholders.

• Provide recommendations for security improvements based on analysis of security data and trends.

Requirements

Qualifications:

Essential: B.Sc. Engineering, Computer Science and Information Systems.

Work Experience:

Essential: a minimum of 8 years of experience in IT Infrastructure services.

Specific skills, knowledge and behavior required for the job:

Proficiency in information security frameworks, standards, and best practices (e.g., ISO 27001, NIST Cybersecurity Framework).

Knowledge of security technologies and tools, such as firewalls, intrusion detection systems, encryption, vulnerability scanners, and SIEM (Security Information and Event Management) solutions.