الوصف الوظيفي
- Develop, implement, and maintain an effective information security program in accordance with
industry best practices and regulatory requirements.
- Conduct regular risk assessments and vulnerability assessments to identify potential security
threats and vulnerabilities.
- Develop and implement risk mitigation strategies and security controls to minimize risks to the
organization's information assets.
- Monitor security controls and systems to detect and respond to security incidents and breaches in
a timely manner.
- Lead incident response activities, including investigation, containment, remediation, and reporting
of security incidents.
- Collaborate with internal stakeholders to ensure that information security policies, procedures, and
standards are effectively communicated and enforced throughout the organization.
- Provide guidance and support to IT teams and business units on security-related matters, including
secure software development practices, network security, and data protection.
- Stay informed about emerging threats, vulnerabilities, and security technologies, and recommend
appropriate measures to mitigate risks.
- Conduct security awareness training and educational programs to promote a culture of security
awareness among employees.
- Liaise with external auditors, regulators, and third-party vendors to ensure compliance with
relevant security standards and regulations.
- Prepare and maintain documentation related to information security policies, procedures,
standards, and incident response plans.
- Participate in strategic planning and budgeting processes to align information security initiatives
with business objectives and priorities.
Requirements- Minimum of 6 years of proven experience in the IT field, including at least 2 years in
information security management, risk management, or related roles.
- In-depth knowledge of cybersecurity principles, standards, frameworks (e.g., NIST, ISO/IEC
27001), and regulations (e.g., GDPR, HIPAA, PCI DSS).
- Experience conducting risk assessments, vulnerability assessments, and penetration testing.
- Strong analytical and problem-solving skills, with the ability to assess complex security
issues and develop effective solutions.
- Excellent communication and interpersonal skills, with the ability to interact effectively with
stakeholders at all levels of the organization.
- Experience leading incident response activities and managing security incidents and
breaches.
- Familiarity with security technologies and tools, such as SIEM, IDS/IPS, DLP, endpoint
protection, and encryption.
- Ability to work independently and collaboratively in a fast-paced environment, with a strong
focus on results and attention to detail.
- Knowledge of cloud security principles and best practices is a plus.
