Careers

Job Title: Information Security and Risk Officer

Department/Division: QA & Compliance Dept Information Security & Risk

Job Reference: ISRO2023-001

Reports to: QA & Compliance Manager

Job Description:

• Develop, implement and monitor a strategic, comprehensive enterprise information security and privacy risk management program to ensure that the integrity, confidentiality and availability of information is owned, controlled or processed by the organization.
• Develop, maintain and publish up-to-date information security and privacy policies, standards and guidelines. Oversee the approval, training, and dissemination of policies and procedures.
• Create, communicate and implement a risk-based process for risk management, including the assessment and treatment for risks from relevant stakeholders that may result from partners, consultants and service providers.
• Work directly with the business units to facilitate IT risk assessment and risk management processes, and work with stakeholders throughout the enterprise on identifying acceptable levels of residual risks.
• Ensure compliance with ISO Standards 27001, 27701, 22301, 20000, 9001, Web Trust CA and relevant laws, regulations, such as NCA, CITC.
• Responsible for Information security within organization which includes ensuring that the adequate level of security to conduct the business is established.
• Communicating training and awareness for all the employees to adoption of a security and privacy policy.
• Along with Production perform quarterly internal vulnerability assessment and penetration testing reviews reports and oversees remediation.
• Oversee External Audits & Internal Audits and also to ensure that the organization works on the Major/Minor Non-Conformities.
• Responsible for security and privacy within organization which includes ensuring that the adequate level of security to conduct the business is established.
• To review and approve Change Requests forms and review Incidents and problem Reports.
• Initiates and conducts investigations whenever a breach of security is reported or noticed and Report to the Management on breach of security and actions taken by IT.
• Reviews Information security policy, Data Privacy policy at least annually.
• Periodic review of the Review forms of Access logs, Systems logs.
• Along with production maintain Hardening guidelines for operating systems and other hardware/devices such firewalls, network devices, cryptographic devices, servers etc.

Academic and Professional Requirements:

• Graduate or Post-Graduate from University.
• Experience with common information security and privacy management frameworks, such as International Standards Organization (ISO) 2700x, the IT Infrastructure Library (ITIL) and Control Objectives for Information and Related Technology (COBIT) frameworks, NCA, CITC.
• Proven ability to successfully liaise and negotiate with a variety of people at all levels, both internal and external.
• Effective communication skills, both written and verbal.
• Preferable with professional work experience and certifications in ISO 27001, ISO 27701, CISM, CRISC, CISSP and others.