Key Responsibilities:
1. Develop and Maintain Information Security Policies
* Create and update information security policies and procedures aligned with business objectives and industry best practices.
* Ensure compliance with ISMS requirements to minimize risks.
* Implement a risk management framework to assess, monitor, and review security risks.
* Collaborate with stakeholders to manage risk treatment strategies throughout their lifecycle.
2. Reporting and Analytics
* Deliver timely and accurate security reports to senior management and stakeholders, providing actionable insights into security metrics.
* Report security incidents, policy violations, and audit findings, recommending improvements and mitigations.
3. Audit Management and Compliance
* Lead internal and external security audits to ensure alignment with regulatory requirements and industry standards.
* Oversee remediation efforts for vulnerabilities or non-conformities identified during audits.
4. Incident Response and Management
* Investigate and respond to security incidents, containing, eradicating, and recovering from threats.
* Document incidents and contribute to post-incident reports for continuous improvement.
5. Security Awareness and Training
* Design and implement training programs to educate employees on security best practices and policies.
* Maintain up-to-date knowledge of the latest security threats and share this information with colleagues.
* Promote a culture of security awareness across the organization.
Minimum Qualifications:
* Bachelor's degree in Computer Science, Information Technology, Engineering, Law, Economics, or related fields.
* Deep understanding of information security principles and best practices.
* Proven experience (3+ years) in implementing information security programs and managing ISMS.
* Advanced knowledge of frameworks like ISO 27001, CIS Controls, or NIST CSF.
* Experience in security risk management and compliance, including GDPR.
* Strong communication skills for conveying complex security issues and collaborating with teams.
* Certifications such as ISO 27001 Lead Auditor or Implementer are advantageous.
* Ability to adapt to changing business needs and travel when required.