Security Policy Development and Implementation
· Develop, implement, and maintain comprehensive information security policies, procedures, and guidelines.
· Ensure that security policies are aligned with business objectives and comply with regulatory requirements.
Risk Management
· Conduct regular risk assessments and vulnerability analyses.
· Identify potential threats and vulnerabilities and develop mitigation strategies.
· Implement and monitor security controls to manage and mitigate risks.
Incident Response
· Develop and maintain an incident response plan.
· Lead the response to security incidents and breaches, including investigation, containment, and recovery efforts.
· Conduct post-incident analyses and report findings to senior management.
Compliance and Auditing
· Ensure compliance with relevant regulations and standards (e.g., ISR, DESC Standards, ISO 22301, ISO/IEC 27001).
· Coordinate and oversee internal and external security audits.
· Prepare and submit necessary compliance reports.
Security Awareness and Training
· Develop and deliver security awareness training programs for employees.
· Promote a culture of security awareness within the organization.
· Ensure that staff are aware of security policies and procedures.
Monitoring and Reporting
· Implement and manage security monitoring tools to detect and respond to threats.
· Regularly review security logs and reports to identify and address security issues.
· Regularly review vulnerability assessment and penetration testing (VAPT) reports and ensure that the findings they raise are remediated and closed.
· Provide regular reports on the status of the information security program to senior management.
Collaboration and Advisory
· Work closely with IT and other departments to ensure security measures are integrated into all aspects of the organization's operations.
· Serve as a key advisor to senior management on information security matters.
· Collaborate with external partners and stakeholders to ensure a comprehensive security posture.
· Ability to prioritize a wide range of workloads with critical deadlines.
· Availability outside of working hours to resolve emergency issues promptly.
Requirements
· 5-8 years of Information Security Governance, Risk, and Compliance experience.
· Bachelor's degree in information security or a relevant field.
· Relevant certifications such as CISSP, CISM, CEH, ISO 27001 Lead Auditor, ISO 22301 Lead Auditor or CISA are highly
· Experience in implementing the ISR / DESC standards.