Careers

Every day we protect and process millions of data. We serve over 100 clients across Asia; join us to drive impact where it matters.

IT Security Officer (ISO)

Date: 31 Jul 2023
Location:
Company:

General Description

The Information Security Officer (ISO) serves as the process owner of all assurance activities related to the availability, integrity and confidentiality of customer, business partner, employee and business information in compliance with the organization’s information security policies.

The ISO coordinates activities with other departments, including the evaluation, procurement, and deployment of security-related products and develops and coordinates information security awareness and education programs. The key element of the ISO’s role is working with executive management to determine acceptable levels of risk for the organization. This position is responsible for establishing and maintaining a corporate-wide information security management program to ensure that information assets are adequately protected.

Reports to the Head of IT Operations on a day-to-day basis and ultimately to the Head of Technology.

Key Responsibilities

Develops, implements and monitors a strategic, comprehensive enterprise information security management framework and IT risk management program.

Provides risk assessments and security briefings related to security issues for all new and existing systems, and remains familiar with the Company’s goals and business processes so effective controls can be put in place for those areas presenting the greatest information security risk.

Communicates risks, and recommendations to mitigate them, to the senior administration in non-technical, cost/benefit terms and in a format relevant to senior administrators, so decisions can be made to ensure the security of information systems and information entrusted to the Company.

Oversees all ongoing activities related to the development, implementation, and maintenance of the Company’s information security policies and procedures by ensuring these policies and procedures encompass the overall security of electronic information at rest or in motion within the system and assisting departments in local process and procedure development, ensuring they are not in conflict with Company policies.

Assists other departments to ensure regulatory compliance in areas such as ISO 27001, NIST, CSA, CIS and other compliance requirements set by individual customers.

Chairs the Information Security – IT Committee (ISIC) and coordinates the activities of ISIC so that security decisions do not interrupt business processes while maintaining the confidentiality, integrity, and availability of company information.

Conducts vulnerability assessments and penetration tests on the organization’s IT systems and applications.

Plans and conducts annual role-based and general staff cyber security awareness training.

Acts proactively to prevent potential disaster situations by ensuring that proper protections are in place, such as intrusion detection and prevention systems, firewalls, and effective physical safeguards, and provides for the availability of computer resources by ensuring a business continuity/disaster recovery plan is in place to offset the effects caused by intentional and unintentional acts.

Evaluates security incidents, determines what response, if any, is needed, and coordinates the Company’s responses, including technical incident response teams, when sensitive information is breached.

Contributes to a work environment that encourages knowledge of, respect for, and development of skills to engage with those of other cultures or backgrounds.

Remains competent and current through self-directed professional reading, developing professional contacts with colleagues, attending professional development courses, attending training, conferences, and/or courses as directed by the supervisor, and obtaining certifications relevant to job duties.

Job Requirements

At least 8 to 12 years of relevant working experience in IT security, IT security operations and governance.

Knowledge of common information security management frameworks, such as ISO/IEC 27001, Cloud Security Alliance, MAS TRM and NIST.

Skills: Good working knowledge of running cyber security awareness programs, IT security risk management, security governance frameworks and compliance (IT security audit / log review), IT security review (vulnerability assessment and penetration testing), cloud computing security (AWS, Azure), application and system security, security technologies (IDS/IPS/WAF, firewall, SIEM and PAM) and cyber security incident response.

• The ability to maintain confidentiality in regard to information processed, stored, or accessed by the systems is required.

• The ability to manage multiple concurrent projects and to reason analytically is required.

• The ability to work with and train people possessing differing levels of technical knowledge is required.

• Effective verbal and written communication skills and proficiency in writing technical specifications are required.

• The ability to develop knowledge of, respect for, and skills to engage with those of other cultures or backgrounds is required.

Qualifications

• Bachelor’s degree in Computer Science, Information Technology or a related discipline.

• Professional information security certifications (CISSP, CISM, CISA, OSCP, GIAC, etc.) are preferred.