Information Security Officer

Role Purpose:

Ensure compliance with information security policies during mega sports events and non-event periods. Monitor vulnerabilities, implement safeguards, and educate staff for a secure information environment.

Responsibilities:

Information Security

• Primary responsible for planning, coordinating and organizing information Security activities

• Enforce and monitor the implementation and compliance with IT Information Security Policy.

• Develop and manage the implementation of Information Security Policies and Procedures.

• Ensure Risk Assessments are conducted on all information systems such as people, process, technology and information processing facilities.

• Ensure implementation of all Information Security controls, as set forth in the Risk Treatment Plan, to ensure adequate security for the respective system.

• Conduct Information Security communications and outreach by leveraging the Information Security Management System (ISMS) committee.

• Establish appropriate measures to assess operational capabilities and determine compliance and effectiveness levels with Information Security Policy.

• Supervise other related assurance functions, as necessary

• Ensure the compliance of Information Security Policies in the organization.

• Develop and ensure implementation of Information Security procedures.

• Develop and ensure implementation of incident handling and reporting.

• Follow-up, escalate and report the resolution of Information Security issues identified during security assessments, penetration tests and audits.

• Develop, implement and maintain Disaster Recovery (DR) procedures and infrastructure in relation to the Business Continuity Plan (BCP)/ IT Service Contingency Plan.

• Conduct and coordinate Information Security awareness and orientation programs

• Responsible for conducting Committee meeting

Security Incident Management

• Incident Management: Establish a formal procedure for internally reporting and tracking security incidents ensure incident response and escalation procedures are followed, and inform all employees, contractors, and third-party users of their responsibility to report security incidents.

• Incident Handling: Participate and/or oversee in the investigation and management of information security events and policy violations and track to conclusion.

• Incident Notification and Reporting: Follow policy for the notification and reporting of incidents immediately upon discovery.

• Lessons Learned: Develop and document corrective action plans and implement Preventive actions to mitigate recurrence.

Problem Management

• Analyze a Security incident to detect an underlying problem that exists or is likely to exist.

• Categorize and prioritize the problem based on the frequency, severity and impact of incident

• Investigate and diagnose the root cause of the problem

• Test and apply the temporary workarounds

• Document the known error record

Risk Management

• Risk Management Program: Create a formal process to address risk through the coordination and control of activities regarding each risk.

• Risk Assessment: Conduct formal vulnerability assessments of the environment on a regular basis.

• Risk Mitigation: Create a formal process to mitigate vulnerabilities.

Information Security Implementation & Compliance

• Operational Procedures: Lead in the development and documentation of operating procedures

• Protecting Against Malicious Code: Activities required for the prevention and detection of malicious code, which could cause a disruption in business.

• Backup Functions: Lead activities required for the integrity and availability of information and systems.

• Network Security Management: Activities required for the protection of networks and supporting infrastructure.

• Media Handling: Activities for the prevention of unauthorized disclosure, modification, removal, or destruction of information

• Exchange of Information: Lead in the development and implementation of a formal information and application exchange with internal and external entities.

• Electronic Messaging: Lead in the development of policies and procedures needed to protect electronic messages and systems.

• Electronic Online Services: Lead in the development of security measures to ensure the integrity and confidentiality of information systems accessed from outside.

• Monitoring: Ensure that operational policies and procedures are being followed.

• Internal Compliance: Implement internal procedures to ensure compliance requirements are met, organizational records are protected, and controls are in place.

Qualifications:

• 8+ of experience in systems, Network & IT security and 5+ Year of experience in Information Security.

Education:

• Bachelor’s Engineering Degree in Computer Science/Electronics & Communication Science.

• Certification in Information Security by an international established, approved consortium like ISACA, ISC2 etc.

Required Skillset:

• Subject matter expert in Information Security

• Management skills