Taaeen
Information Security Expert
Taaeen, United Arab Emirates, 9 hours ago
Full-time, Information Technology

The Information Security Expert is responsible for establishing, maintaining, and continuously improving the organization’s information security governance, risk management, and compliance frameworks.


The role provides expert-level assurance, advisory, and operational oversight to protect information assets, ensure regulatory compliance, and strengthen cyber resilience in alignment with government cybersecurity regulations and international standards.


Key Responsibilities:

A. Information Security Governance & Strategy

  • Develop, implement, and maintain information security policies, standards, procedures, and guidelines.
  • Ensure alignment of the information security framework with organizational objectives, government cybersecurity mandates, and industry best practices.
  • Contribute to the development and execution of the organization’s cybersecurity strategy and roadmap.


B. Risk Management & Compliance

  • Lead information security risk assessments, threat modeling, and vulnerability assessments across systems, applications, and infrastructure.
  • Identify, assess, and monitor cyber risks and ensure appropriate mitigation measures are implemented.
  • Ensure compliance with applicable cybersecurity and data protection regulations, including government information security standards and international frameworks (e.g., ISO/IEC 27001).


C. Security Operations & Incident Management

  • Oversee and support security monitoring, incident detection, response, and recovery activities.
  • Lead or coordinate investigation of information security incidents and breaches, including root cause analysis and corrective action planning.
  • Ensure incident response plans, business continuity, and disaster recovery controls are tested and effective.


D. Assurance, Audits & Assessments

  • Plan and conduct information security audits, assessments, and control reviews.
  • Coordinate internal and external audits related to cybersecurity, data protection, and IT controls.
  • Track and follow up on remediation of audit findings and security gaps.


E. Advisory & Stakeholder Engagement

  • Act as a trusted advisor to management and business units on cybersecurity risks, secure system design, and data protection requirements.
  • Provide guidance on secure digital transformation initiatives, cloud security, third-party risk, and emerging technologies.
  • Conduct security awareness sessions and promote a strong information security culture across the organization.


Qualifications & Experience:

Education

  • Bachelor’s degree in Information Security, Cybersecurity, Computer Science, Information Technology, or a related field.
  • Master’s degree is an advantage.


Professional Certifications (Preferred)

  • CISSP (Certified Information Systems Security Professional)
  • CISM (Certified Information Security Manager)
  • CISA, ISO 27001 Lead Implementer / Lead Auditor, or equivalent certifications


Experience

  • Minimum 7–9 years of progressive experience in information security, cybersecurity, or IT risk management.
  • Experience within government or semi-government entities is highly preferred.
  • Proven experience leading security initiatives, risk assessments, and regulatory compliance programs.
