Datamatics

Information Security Officer (Security Policy, Risk Management & Security Awareness)

Austria · Full-time · Mid-Senior

Job Description:

Position Summary

The Information Security Officer is responsible for protecting the client's most sensitive information by working on security policies, risk management, and security awareness programs. This role will ensure compliance with relevant security standards and regulations while promoting a culture of security across the organization. The successful candidate will identify risks, enforce policies, and educate employees on security best practices to safeguard the organization’s information assets.


Key Responsibilities:

1.   Security Policy Management

a.   Develop, review, and maintain security policies, standards, and guidelines to ensure alignment with industry best practices (e.g., ISO 27001, CIS Controls Framework, SWIFT Customer Security Controls Framework (CSCF)).

b.   Ensure security policies are up to date, well documented, and effectively communicated to all relevant stakeholders.

c.   Collaborate with cross-functional teams to ensure policy implementation aligns with business objectives and regulatory requirements.

d.   Monitor and enforce adherence to security policies across the organization through regular audits and compliance checks.


2.   Risk Management

a.   Lead risk assessments to identify potential security threats, vulnerabilities, and risks across the organization’s assets and operations.

b.   Further develop and maintain the organization’s risk register, prioritizing risks based on likelihood and potential impact.

c.   Propose and implement mitigation strategies to minimize identified risks, including the development of incident response plans.

d.   Collaborate with auditors and the Risk Management Department to ensure compliance with regulatory requirements and best practices in risk management.

e.   Further develop and report on key performance indicators (KPIs) to monitor the effectiveness of risk management processes.


3.   Security Awareness

a.   Design, implement, and manage a comprehensive security awareness program to educate employees on security risks and best practices.

b.   Develop training materials, including e-learning modules, presentations, and awareness campaigns to foster a security-conscious culture.

c.   Conduct phishing simulation exercises and monitor participation in security training.

d.   Evaluate the effectiveness of the awareness program by tracking engagement metrics, conducting surveys, and adjusting strategies based on feedback.

e.   Serve as a key resource for answering employee questions related to information security, threats, and best practices.


4.   Compliance and Audit Support

a.   Ensure compliance with internal policies, including data protection and privacy.

b.   Support audits by providing required documentation and evidence of security controls.

c.   Collaborate with legal and compliance teams to address regulatory changes and requirements.


Required Skills & Qualifications:

  • Bachelor's degree in Information Security, Cybersecurity, Computer Science, Information Technology, or a related field.

Certifications:

  • Preferred certifications include CISSP, CISM, CRISC, CISA, or ISO 27001 Lead Implementer/Auditor.

Experience:

  • 5+ years of experience in information security, with a strong focus on policy development, risk management, and security awareness.
  • Experience with regulatory frameworks such as SWIFT CSCF.
  • Hands-on experience conducting risk assessments and developing risk treatment plans.
  • Experience designing and delivering security awareness programs to diverse audiences.

Technical Knowledge:

  • Familiarity with security controls, vulnerability management, incident response, encryption, and data protection.

Analytical Skills:

  • Ability to assess risks and provide actionable insights for improving the organization’s security posture.
  • Excellent verbal and written communication skills, capable of translating technical security issues into business terms.

Leadership & Collaboration:

  • Ability to work collaboratively with IT, legal, compliance, and other departments to drive security initiatives.

Required Languages:

  • Excellent written and verbal communication skills in English.
  • A good working knowledge of German, Arabic, French or Spanish is an added advantage.

Preferred Qualifications:

  • Master's degree in Information Security or Cybersecurity, or 4 additional years of experience in a relevant field of work.
  • Experience working in highly regulated industries such as finance, healthcare, or government.
  • Familiarity with enterprise risk management frameworks such as COBIT or COSO.
  • Knowledge of cloud security and emerging cybersecurity trends.

Personal Attributes:

  • Team-oriented with a willingness to collaborate with other IT and security professionals.
  • Wide knowledge of the information security field with strong attention to detail.
  • Problem-solving mindset with a proactive approach.
  • Excellent social and communication skills to work together with other internal stakeholders.
  • A commitment to maintaining the highest ethical and professional standards.

If interested, kindly share your profile with [email protected]

Key Skills

Ranked by relevance

cybersecurity, incident response, swift, cloud security, simulation, cissp, cloud, cisa, cism, cis
Posted: Feb 27, 2025
Type: Full-time
Level: Mid-Senior
Location: Vienna
Company: Datamatics

Industries: IT Services, IT Consulting

Categories: Information Technology
