• Maintain and enhance existing security controls and the risk assessment framework, ensuring documented and sustainable compliance that aligns with SEWA business objectives and applicable regulatory requirements.
• Continuously monitor information security controls, exceptions, and risks.
• Schedules regular assessments and testing of the effectiveness and efficiency of ISMS controls and existing system policies, and creates GRC reports.
• Performs and investigates internal and external information security risk and exception assessments.
• Conduct IT system policy reviews; assess security incidents, vulnerability management, scans, patching status, secure baselines, penetration test results, phishing, and social engineering tests and attacks.
• Documents and reports Information Security control failures and gaps. Provides remediation guidance and prepares incident reports to track remediation activities.
• Remains current on IT governance and information security risks, technologies, and compliance best practices.
• Performs other related duties as assigned.