IT Governance and Security Officer

Purpose:

Information security governance ensures that an organization has the correct information structure, leadership, and guidance. Helps in ensuring that a company has the proper processes and administrative security controls to mitigate risk.

Job Summary:

Maintain a strong and robust information security management system in the organization through threat/vulnerability detection, security scanning, penetration testing, security monitoring, identifying IT/OT security risks and other related information security activities. Ensure adherence to the various internal and international information security standards and also to provide technical consultation on multiple information security issues.

Main Responsibilities & Tasks

• Administration & maintaining Information Security & Governance Program/s. to enhance overall Cyber Security Posture.
• Maintain Information Security Management Program & Documentation. (Policies, Procedures, Manuals & etc.)
• Maintain Business Continuity program, team/s and resources.
• Maintain Cybersecurity risk assessment, risk treatment plans and follow ups.
• Engage and be focal for ITDC Cybersecurity Audits & follow ups.
• Information Security Improvements based on Audits and building control capability reports
• Maintain ITDC Cybersecurity Security Change management, Authorization & Practice Reviews & Approvals (suggestions)
• Project Information Security oversight (encouraging org. wide teams to participate ensuring all projects take Information security & privacy impacts into account)
• Security Incidents (Ensuring and leading security incident management and response)
• Information Security KPIs (follow up with teams to ensure ISMS performance are monitored and reported as and when required)
• Information Security Information Provision (Ensuring security related information is provided as required both internal & external to the company)
• Skills & Knowledge Development (Ensuring skill sets of assigned team is up to date.
• Administrator and engage relevant unit budgeting and overall capacity
• Maintain and build culture for information asset / data as per the applicable guidelines, framework & standards by the regulatory
• Information Security Awareness (Ensuring that Information security awareness is promoted throughout the business)
• Job descriptions are written to reflect major accountabilities and will not describe all the tasks which may be performed by an individual. The incumbent shall perform any additional related duties assigned by the respective line manager to meet operational requirements.
• The incumbent shall ensure the highest standards are followed to safeguard the sensitive and confidential data.

Minimum Required Qualifications, Certificates & Skills

• Graduate in IT or Relevant field.
• 10 + Years overall IT with 3 + years in Cyber Security & Governance.
• ISMS Implementor & Audit, BCMS, CISSP, CISM, CEH, COBIT, CCSP & relevant and or working knowledge for the same.
• Project Management, Time Management, Managing KPI’s, IT Cyber Security Audit, Strong verbal and written communication skills, Budgeting, Capacity planning, Knowledge of IOT, Cloud and its possible deployments, ability to work as team and individually as well.