iimjobs

Posted by

Job Views:  
54
Applications:  20
Recruiter Actions:  0

Posted in

IT & Systems

Job Code

1695745

Information Security Officer - IT

Seven N Half | 8 - 12 yrs | Mumbai
Posted 4 days ago

Information Security Governance & Risk Management:

- Lead enterprise and project-level Information Security Risk Assessments, including identification, analysis, treatment, and reporting of security risks.

- Support project governance by embedding security risk management practices across technology and business initiatives.

- Identify, assess, and track project-related security risks, ensuring timely mitigation and risk acceptance where applicable.

Vendor Risk Management:

- Own and operate the Vendor Risk Management (VRM) framework, including due diligence, onboarding assessments, periodic reviews, and exit assessments from an Information Security perspective.

- Perform security risk assessments of third-party vendors covering data protection, access controls, resilience, and regulatory compliance.

- Collaborate with Procurement, Legal, and Business teams to ensure security requirements are embedded into vendor contracts and SLAs.

ISO 27001 Implementation & Management:

- Lead the ISO/IEC 27001 Information Security Management System (ISMS) implementation, operation, and continual improvement.

- Maintain ISMS documentation including policies, standards, procedures, risk registers, and control evidence.

- Coordinate internal audits, Management Reviews, corrective actions, and surveillance/certification audits.

Cyber Resilience:

- Support and enhance Cyber Resilience programs including incident response, disaster recovery, and business continuity from an information security perspective.

- Participate in cyber incident simulations, tabletop exercises, and post-incident reviews to improve organizational readiness.

Logical Access Management (LAM) & Data Protection:

- Review and validate role definitions and access controls defined by the Logical Access Management (LAM) team to ensure least privilege and segregation of duties.

- Oversee Data Leakage Management controls including monitoring, policy enforcement, and incident handling relating to data loss or exposure.

Security Awareness & Training:

- Design and drive Information Security Awareness and Training programs for employees, contractors, and relevant third parties.

- Promote a strong security culture through campaigns, phishing simulations, and targeted training initiatives.

Audit & Compliance Management:

- Act as the primary point of contact for internal and external audits related to information security.

- Coordinate audit responses, track observations, and ensure timely closure of audit findings.

- Support regulatory, customer, and contractual security compliance assessments.

KEY DECISIONS TAKEN:

- Acceptance, mitigation, or escalation of information security risks in line with risk appetite.

- Review and recommendations for vendor onboarding and continued engagement from a security risk perspective.

- Determination of applicability and prioritization of ISO 27001 controls and security improvement initiatives.

- Recommendations on access control designs and exceptions in collaboration with the LAM team.

- Direction on corrective actions arising from audits, incidents, and risk assessments.

EDUCATION & EXPERIENCE REQUIREMENTS:

- Bachelor's and/or Master's degree in Information Technology, Computer Science, Cybersecurity, or a related field.

- 8-10 years of experience in Information Security, Risk Management, GRC, or related roles.

- Hands-on experience with ISO/IEC 27001 ISMS implementation and audits.

- Strong experience in vendor/third-party risk management, audits, and security risk assessments.

Certifications (preferred):

- ISO/IEC 27001 Lead Implementer / Lead Auditor

- CISM, CISSP, CRISC, or equivalent security certifications
