Associate Director - Chief Information Security Officer - IT

CISO Roles and Responsibilities:

- Ensure enforcement of the policies and procedures at an organizational level.

- Oversee the security of information and information resources.

- Maintain and update ISMS documents.

- Monitor security intrusions and activities and take countermeasures.

- Monitor incidents.

- Create security awareness among employees

- Revisions, implementation, workforce education, interpretation, and enforcement of this procedure.

- Co-facilitate the Information Technology Incident Response Team.

- Coordinate efforts in respect to the vulnerability management program as applicable and needed utilize network tools for IPS, IDS, forensics, vulnerability assessments, and validation.

- Investigation officer for all information security incidents.

- Advisor to the organization's Incident Management Team.

- Assist chief privacy officer with breach management duties.

- Facilitate semi-annual tabletop exercises with all members of the SIRT to ensure everyone understands their roles.

- Provide individuals with a process and method to report security issues and/or breaches anonymously.

- Maintain a list of third-party security contact information in the event an incident needs to be reported to an outside party.

- Ensure members of the Information Technology Incident Response Team and other workforce members that have significant responsibilities related to incident response are properly trained within 90 days of their hire date, or assuming an incident response role, and whenever there is significant change to the organization's environment, and within every three hundred sixty-five (365) days thereafter.

- Ensure members of the Information Technology Incident Response Team are properly trained to handle incidents that involve or are caused by insider threat.

- Setting the vision and strategy for IT risk function working in conjunction with all other senior leadership across Talent500.

- Building a robust Information security risk management framework and architecture for Talent500 bringing together teams and managing the enterprise-wide risk

- Responsible for vendor management including SLA, budgets, quality, resources

- Responsible for confirming the capacity of IT Services and IT Infrastructure

- Installation, monitoring and administration of Network devices, Local area network and Wide area network and other network components

- Enabling business continuity by providing redundancy to critical network equipment and leased lines.

- Monitor network traffic and protocols on the network. Ensure, only standard protocols are used on the network

- Adhere to change control mechanism for all the changes in existing configurations

- Prevent or minimize broadcasts within the network

- Define relevant access lists for each critical device

- Monitor the network and system log for any attempt for an Information Security incident

- Evaluate the impact of the incident to identify any potential Information Security breach

- Perform risk assessment to identify any risk and apply controls to mitigate them

- Assist in updating the Information Security policies and procedures

- Assist in reviewing the system development requirements meet the information security requirements