Decision Making Parameters:
• Empowered to make decisions on aspects related to Information Security and Risk Management, within the framework of responsibilities and boundaries identified with this role and in accordance with standard practices and guidelines set by the company.
• Consults with Head of Governance on all strategic and non- routine decisions. All duties shall be performed through proper channel and in compliance with adopted policies and procedures.
• Reports to the HOD/CEO for issues and decisions related to regulatory compliance.
Qualifications (Academic, training, languages, etc.):
• Bachelor degree in Computer Engineering/ Computer Science/ Information Technology or equivalent.
• Certification relevant to Information Technology/ IT Security/ Audit/ Governance e.g. CISA, CISM, CISSP, CGEIT.
• Fluent in English Language.
Key Result Responsibilities:
• Develops, manages, and communicates the Corporate Information Security Framework that includes policies, standards and processes based on international standards (eg.ISO27001) as well as legal and regulatory requirements (e.g. PCI DSS, GDPR) ensuring its policies and procedures are adopted and adhered to.
• Develops an overall information security and compliance strategy, and recommends appropriate controls and tools ensuring all are in line with company s objectives, set measures and information control requirements.
• Monitors environmental and market trends and pro-actively assesses impact to business strategies and advises necessary security controls in collaboration with experts in other functions e.g. legal, technical support, architecture.
• Defines and implements a risk management framework for company to ensure that IT security and risks are managed to acceptable levels and in compliance with relevant regulations.
• Co-ordinates periodic vulnerability assessments and penetration tests on IT environment to monitor performance, identify risks and threats, and manage solutions as required for the effective protection of information assets and/or regulatory compliance.
• Ensures there is sufficient visibility at the appropriate management level for every risk its impact, and cost of mitigation.
• Conducts investigations on permission violations and defines org-level policies on the access rights.
• Co-ordinates effective implementation of data protection program aligned to applicable regulatory regimes (e.g. GDPR). This includes records of processing, associated policies and procedures, and reporting and engaging with supervisory authorities whenever needed.
• Directs and guides internal teams and/ or external providers to ensure that all information assets are well protected. Reviews, actions any exception to policies and standards based on impact and takes ownership for all Information security initiatives.