· Master's / 4-year Bachelor's degree in Information Security / Computer Science / Information Technology / Project Management / Business Administration from a reputed foreign or HEC-recognized institution / university.
· 7+ years of proven experience in the development, implementation, maintenance and compliance of organization-wide Information Security Policies, Programs, Standards and technologies related to systems/applications/databases/networks.
· Professional security management certification like CISM, CISSP, CEH, CISA, COBIT, CompTIA Security+, ISO 27001.
· Excellent communication skills both verbal & written.
· Knowledge of disaster recovery, computer forensic tools, technologies and methods.
· Professional experience in Information Security Compliance in applications, systems, databases and networks.
· Ability to communicate information (cyber/network/data) security issues to peers and management.
· Direct experience with anti-virus software, intrusion detection, firewalls and content filtering.
· Knowledge of information security related to applications/systems/databases/networks risk assessment tools, technologies and methods.
· Excellent working knowledge of UNIX, Windows, and other operating system platforms.
· Thorough understanding of established security and data sharing standards, such as SOX, HIPAA, and ISO, to ensure organizational compliance.
· Strong problem-solving skills.
· Experience designing secure systems, applications, databases and network architectures.
Responsibilities:
· Provide assistance to develop, maintain and implement information security/cyber security/ network security processes / framework / methodologies and information security compliance against applications/systems/databases/networks.
· Provide assistance to develop, implement, and maintain organization-wide Information Security Policies, Programs, Standards, Technologies and Compliance.
· Provide assistance to develop, maintain, enhance, implement and monitor information (Cyber/network/data) security management / information risk management processes / framework / methodologies compliance against CIA (Confidentiality, Integrity, and Availability) for applications/systems/databases/networks.
· Ensure the confidentiality, integrity and availability of organization's information, data and IT services related to applications/systems/databases/networks.
· Manage to provide a secure, reliable platform (applications, databases, systems and networks) organization-wide and to authorized third parties with the assurance that the platform is appropriate to process sensitive information.
· Conduct information security awareness sessions / workshops on a regular basis.
· Support in providing a centralized management structure for all information security functions.
· Perform IT security risk assessments and reporting on ways to minimize threats.
· Monitor security vulnerabilities and hacking threats in network and host systems.
· Track the latest IT security innovations and keep abreast of the latest cyber security technologies.
· Ensure disaster recovery & business continuity.
· Perform internal information security audits at regular intervals against all technologies.
· Communicate with key stakeholders about IT security threats.
· Implement an effective process for the reporting of security incidents.
· In case of a security breach, lead incident response activities to minimize its impact, including technical and forensic investigation into how the breach happened and the extent of the damage.
· Oversee the investigation of reported security breaches.
· Develop strategies to handle security incidents and trigger investigations.
· Manage/deliver training, coaching, and mentoring to information security team members.
· Comply with the latest regulations and compliance requirements.
· Keep organization updated about the latest security strategies and technologies.
· Ensure compliance to legal, regulatory & contractual information security requirements.
· Lead the security design for all departmental projects, developments, integrations and third-party integrations, and highlight and clearly articulate risk mitigation requirements.
· Lead the escalation and resolution of risk and compliance issues with appropriate stakeholders.
· Collect, analyse, and prepare reports required for senior management, regulators, and other relevant stakeholders.
· Provide routine direction on remediation activity to meet compliance.
· Improve existing compliance programs and processes.
· Design and execute audit procedures to assess and measure company compliance with its security policies and procedures.
· Manage compliance testing and monitoring of current and future regulatory obligations, and other regulatory matters as required.
· Conduct internal security risk assessments and security compliance audits.
· Ensure that cybersecurity is truly a central part of organizational culture, keeping stakeholders at all levels informed and vigilant.
· Any task assigned by management.