Who are we looking for?

- Demonstrated experience in IT Security Management at IT infrastructure and IT applications.

- Mixed managerial, analytical and technical skills, and knowledge in all aspects of computer security in multi IT areas: database, development, network, operating systems, IT security, specific applications security, Cloud Security etc

- Good understanding and writing skills of computer systems security strategies, policies,

- Good Knowledge of risk assessment processes

- Good understanding of current legal and regulatory requirements relating to information security and privacy - ISO17799/BS 7799, ISO 27001-2013

- Up to date knowledge of information security; industry certifications covering information security are added advantages - CISSP, CISM, CISA, CCSP

- Strong team skills and ability to collaborate across functions.

- Strong analytical and communication skills

What will you be doing?

As an Information Security Specialist, you will be responsible for protecting the organizations -Technology resources and information assets by :

- Ensuring strategic alignment of information security by working with InfoSec Specialist/Sr. Specialist in support of business objectives

- Ensuring confidentiality, integrity, availability of the Information assets

- Ensuring compliance to various standards like ISO 27001 and other applicable regulations

Information Security Governance:

- Establish and maintain a framework to provided assurance that information security strategies are aligned with business objectives and consistent with applicable laws and regulations.

- Define and elaborate the information security strategy in support of the business strategy and direction

- Identify current and potential legal and regulatory issues affecting information security and assess their impact

- Establish and maintain information security policies that support business goals and objectives.

Risk Management :

- Identify and manage information security risks to achieve business objectives.

- Develop a systematic, analytical and continuous risk management process.

- Ensure that risk identification, analysis and mitigation activities are integrated into projects and processes life cycle.

- Identify and analyze risks through suitable and recommended methods

Information Security Program Management :

- Design, elaborate and manage information security program to implement the information security governance framework.

- Establish and maintain plans to implement the information security governance framework.

- Define annual information security budget

- Manage the information security budget in implementing the information security program.

Information Security Management:

- Oversee and direct information security activities to execute the information security program.

- Lead the plan, organize, assign, supervise and monitor the work of other team members where ever necessary

- Ensure that the rules of use for information systems and the administrative procedures for information systems comply with the information security policies.

- Ensure that services provided by other enterprises, including outsourced providers are consistent with established information security policies.

Response Management:

- Establish and manage capability to response to and recover from disruptive and destructive information systems events.

- Design, and implement processes for detecting and analyzing security-related events.

- Develop response and recovery plans like organizing, training, and equipping teams.

- Ensure periodic testing of the response and recovery plans are appropriate