Education: Post Graduate/Graduate
Key Responsibilities:
1. Strategic
- Identify information security goals and objectives consistent with the organization's business needs/objectives.
- Define the scope and boundaries of the information security program.
- Understand legal and regulatory requirements.
- Define information security implementation strategies.
- Define risk management framework.
- Define information security measurement metrics and other key performance indicators.
- Get approval for information security plan, budget and resources from top management.
2. Operational
- Define a formal process for creating, documenting, reviewing, updating, and implementing security policies, and define the information security policy.
- Define policy for classification of information and information assets.
- Get approval of information security policies, procedures, guidelines and processes.
- Assist in developing, maintaining, reviewing and improving the strategic organization-wide information security and risk management plan.
- Disseminate information security policies, procedures and guidelines to all concerned.
- Enforce implementation of approved information security policies, procedures, guidelines, ISMS, etc.
- Periodically evaluate and review the effectiveness of information security policies, procedures, standards, guidelines, processes, ISMS, etc.
- Monitor and react to alerts and advisories with respect to new vulnerabilities/threats.
- Implement automated and continuous monitoring of security incidents.
- Maintain a record of information security incidents and breaches.
- Take remedial action to reduce/diminish the impact of information security incidents and breaches.
- Raise information security awareness among management, employees, contractors and other stakeholders.
- Provide role-based training on information security to the workforce.
- Coordinate and lead the implementation of the Disaster Recovery (DR)/Business Continuity Plan (BCP).
- Periodically conduct mock drills to evaluate the effectiveness of DR/BCP.
- Coordinate with external agencies to perform an information security audit at least annually or whenever significant changes have been made in IT systems/infrastructure.
- Prepare the information security audit report along with recommendations for improving information security.
- Apprise senior management of the status of information security audit findings and issue resolutions.