Information Security Governance:
- Develop information security policies, standards, procedures, and guidelines in accordance with the overarching Group Information Security Risk Framework
- Support the preparation for client- or industry-specific certification and compliance programs such as ISO27001, PCI DSS, etc.
- Work with stakeholders across different departments to ensure that security systems are working smoothly to reduce the organization's operational risks in the face of a security attack.
- Manage policy exceptions: identify the rationale and risks in support of exception requests, weigh the effectiveness of compensating controls, and make recommendations on exception requests
- Provide security risk consulting services internally to the organization by giving security guidance and functioning as an information security subject matter professional.
- Manage all facets of, and provide project-level management for, assigned security projects that, when implemented, will improve the security risk posture.
- Develop secure business and communication practices, collect and manage security objectives and metrics; analyse and facilitate discussion with business units, ensuring that the company is in regulatory compliance with the rules for relevant bodies, and check the adherence to security practices.
- Assess the effectiveness of the ISMS and the data protection program
- Present updates and issues to technical and/or non-technical staff and management on a periodic basis.
Awareness and training:
- Lead and conduct security awareness programs
- Help with programming and ensure the participation of employees in the information security awareness program
- Anticipate new threats and actively work to prevent them from occurring
- Develop consultative relationships with different stakeholders to educate them about risk management, and implement risk management practices to prevent or mitigate information security breaches or data loss as well as to ensure compliance with the company's information security and data protection policies.
Controls and audits:
- Ensure compliance by conducting periodic risk assessments, internal audits, and business impact analysis against internal security baselines, contractual and regulatory requirements.
- Ensure that all committed resolutions to audit findings, risks and security incidents are monitored, reported and resolved on time. Review evidence supporting closure of the actions.
- Implement business continuity processes and facilitate the documentation and testing of continuity plans.
- Fulfill other tasks related to the position as required
- Easily adapts to a fast-paced environment; must be able to learn quickly new concepts that affect the security stance of the company
- Attention to detail and demonstrated strong analytical and problem-solving skills
- Strong organizational/planning and project management skills
- Communicate, present and negotiate effectively, with strong command of the English language, both written and oral
- Must be well organized and demonstrate the ability to work effectively both independently and within a team environment
Job Experience and Qualification:
- Graduate with a Bachelor's Degree in Information Technology, Computer Science, Administration Management or equivalent
- Minimum of 4 years of professional experience in information technology, information security compliance, data protection, security audit and risk management, preferably in the BPO industry
- Familiar with different regulations and standards related to information security and data protection (e.g. Data Privacy Act, GDPR, ISO27001, PCI DSS, SSAE, etc.)
- Preferably a certified information security professional; relevant certifications include CISM (Certified Information Security Manager), CISA (Certified Information Systems Auditor), CISSP (Certified Information Systems Security Professional), ISO/IEC 27001 Information Security Officer or ISO/IEC 27001 Lead Auditor
Perks & Benefits:
- Employee equity
- Commission and bonus
- Nearby public transport
- Central location
- Casual dress code
- Free snacks / Happy hours
- Regular team activities
- Company trips
- Medical insurance
- Personal leave
- Sabbatical leave
- Open culture
- Personal development opportunities