Information Security Officer
The role
You will be developing, improving and implementing policies, procedures and controls to ensure that the organisation's practices remain observant to all relevant industry regulations and regional laws. You will manage the internal audit plan (forward planning) and facilitate external audits on ISO 9001/27001 and other standards as and when required.
Responsibilities and Duties
- Work with Operations, Development and QA teams to enhance security practices
- Researching and evaluating the security approach and monitoring tools
- Ensure consistency of security practice and standards across the group
- Documentation of the procedures, policies and controls
- Conduct Information Security assessments including and documenting controls, creating detailed process flows, identifying potential gaps and or inconsistencies and making sound recommendations for improvement and/or migration
- Maintain Internal audit program and conduct internal audits Ensuring the readiness of managers and their organisations for audit testing
- Track mitigation steps (from self-assessments & Internal Audit) and ensure remediation appropriately and in a timely manner
- Assist and ensure our security and compliance on accreditations GDPR, ISO 9001, ISO 27001 and any other relevant security standards are achieved and maintained
- Collaborate with key internal departmental stakeholders such as Product Development, Infrastructure, IT Operations and Finance to achieve and maintain our security and compliance accreditation
- Fill out Tender forms around Security and Privacy
- Provide technological insight on compliance requirements to non-IT leaders
- Assist in Business Continuity Planning and review
Key skill and competency requirements
- Experience in managing the following frameworks: PCI DSS & ISO 27001
- Formal security certifications (CISP)
- A minimum of three (3) years' experience in an Information Security role, with extensive experience on Information Security processes and regulations
- Excellent understanding of information security concepts, protocols, industry best practices and strategies
- Experienced in performing risk, business impact, control and vulnerability assessments, and in defining treatment strategies
- Strong analytical skills to analyse security requirements and relate them to appropriate security controls
- Understanding of the business impact of security tools, technologies and policies
- Excellent verbal, written and interpersonal communication skills, including the ability to communicate effectively with the all layers of the organisation
- Understanding of GDPR and data sovereignty principals, and aware of the exceptions that can apply per country
Desirable
- Cloud security principals and technologies
- Software Application Security principles and practices
- Experience of engaging with 3rdparty security auditing companies
General experience
- 3+ years of IT Security Management
- 1+ years Cloud Security Principals