Job Overview: We are seeking an experienced and dedicated information security professional who will be responsible for developing, implementing, and maintaining comprehensive information security policies and procedures across our organization. The ideal candidate will ensure that our security measures align with industry best practices, legal requirements, and organizational objectives while fostering a culture of security awareness.
Responsibilities:
- Develop, review, and maintain comprehensive information security policies, procedures, and standards.
- Ensure all policies align with industry best practices, legal requirements, and the overall objectives of the organization.
- Facilitate the implementation of new policies and procedures across various departments.
- Conduct regular risk assessments to identify potential security threats and vulnerabilities across the organization.
- Develop and implement risk mitigation strategies to effectively address identified risks.
- Monitor and evaluate the effectiveness of risk management controls to ensure they meet desired security outcomes.
- Ensure compliance with relevant information security standards and regulations, such as PCI DSS, HIPAA, and GDPR.
- Conduct internal audits and assessments to identify compliance gaps, leading to the development of remediation plans to address any issues.
- Create and maintain an incident response plan to address security breaches effectively and coordinate incident response activities to ensure timely notification of relevant stakeholders.
- Conduct post-incident reviews to identify lessons learned and improve future response efforts.
- Develop and deliver information security awareness training programs aimed at enhancing employee understanding of security practices.
- Promote a culture of security awareness and responsibility throughout the organization.
- Perform any additional duties as assigned by the Line Manager.
Requirements:
- Bachelor’s degree in Computer Science, Information Technology, or a related field.
- A minimum of 4 years of experience in information security, compliance, or risk management.
- Strong understanding of information security principles, concepts, and best practices.
- Knowledge of industry standards and regulations, such as ISO 27001 and the NIST Cybersecurity Framework.
- Proficiency in risk assessment methodologies and tools.
- Strong analytical and problem-solving skills.
- Excellent communication and interpersonal skills, with the ability to convey complex information clearly.
- Ability to work both independently and collaboratively within a team environment.
- Strong attention to detail and exceptional organizational skills.