We’re Hiring | Information Security Officer

Role Purpose

The Information Security Officer is responsible for ensuring compliance with information security policies during both mega sports events and non-event operations. The role focuses on identifying vulnerabilities, implementing security safeguards, managing incidents and risks, and promoting a strong information security culture across the organization.

Key Responsibilities

1. Information Security Governance & Compliance

• Plan, coordinate, and oversee all information security activities across the organization.
• Enforce and monitor compliance with IT Information Security policies, standards, and procedures.
• Develop, implement, and maintain information security policies and operating procedures.
• Conduct risk assessments covering people, processes, technology, and information assets.
• Ensure implementation of security controls as defined in risk treatment plans.
• Monitor compliance levels and assess effectiveness of security controls.
• Lead information security communications and awareness through governance committees.
• Supervise assurance-related activities, including audits, assessments, and penetration testing.
• Develop and maintain incident handling, reporting, and escalation procedures.
• Follow up, escalate, and report remediation of findings from security assessments and audits.
• Develop, implement, and maintain Disaster Recovery (DR) procedures aligned with BCP/IT contingency plans.
• Organize and conduct information security awareness and training programs.
• Coordinate and lead information security committee meetings.

2. Security Incident Management

• Establish and maintain formal security incident reporting and tracking procedures.
• Ensure incident response, escalation, and communication procedures are followed.
• Participate in or oversee investigation and resolution of security incidents and policy violations.
• Ensure timely notification and reporting of incidents as per policy.
• Document lessons learned and implement corrective and preventive actions.

3. Problem Management

• Analyze security incidents to identify underlying or recurring problems.
• Categorize and prioritize problems based on severity, impact, and frequency.
• Investigate root causes and define remediation strategies.
• Test and apply temporary workarounds where required.
• Maintain documentation of known errors and resolutions.

4. Risk Management

• Establish and manage a formal Information Security Risk Management Program.
• Conduct regular vulnerability assessments and risk evaluations.
• Define and implement mitigation strategies to address identified risks.

5. People Management & Succession Planning

• Provide guidance, coaching, and input into performance management and development plans for direct reports.
• Support team capability building and succession planning initiatives.

6. Information Security Implementation & Operations

• Lead development and documentation of security operating procedures.
• Oversee protection against malicious code and cyber threats.
• Ensure effectiveness of backup, recovery, and availability controls.
• Manage network security and protection of infrastructure.
• Ensure secure handling of information media and assets.
• Define secure processes for information exchange with internal and external entities.
• Develop and enforce policies for electronic messaging and online services security.
• Monitor adherence to operational security procedures.
• Ensure internal compliance with security controls and record protection.
• Ensure compliance with applicable external laws, regulations, and statutory requirements.

Qualifications & Experience

Required Experience

• 8–10 years of experience in Systems, Network, and IT Security.
• 5–6 years of hands-on experience in Information Security roles.
• Strong leadership and management capabilities.

Education & Certifications

• Bachelor’s degree in Computer Science, Electronics & Communication, or a related engineering discipline.
• Professional Information Security certifications from recognized bodies such as ISACA, ISC2, or equivalent.