Manager Information Security Compliance

·         Masters / 4 years Bachelors in Information Security / Computer Science / Information Technology / Project Management / Business Administration from some reputed foreign or HEC-recognized institution / university.

·         Candidate having 7+ years proven experience of the development, implementation, maintenance and compliance of organization-wide Information Security Policies, Programs, Standards and technologies related to systems/applications/databases/networks.

·         Professional security management certification like CISM, CISSP, CEH, CISA, COBIT, CompTIA Security+, ISO 27001.

·         Excellent communication skills both verbal & written.

·         Knowledge of disaster recovery, computer forensic tools, technologies and methods.

·         Professional experience in Information Security Compliance in applications, systems, databases and networks.

·         Ability to communicate information (cyber/network/data) security issues to peers and management.

·         Direct experience with anti-virus software, intrusion detection, firewalls and content filtering

·         Knowledge of information security related to applications/systems/databases/networks risk assessment tools, technologies and methods.

·         Require an excellent working knowledge of UNIX, Windows, and other operating system platforms.

·         Thorough understanding of established security and data sharing standards, such as SOX, HIPAA, and ISO, to ensure organizational compliance.

·         Strong problem-solving skills.

·         Experience designing secure systems, applications, databases and network architectures.

Responsibilities:

·         Provide assistance to develop, maintain and implement information security/cyber security/ network security processes / framework / methodologies and information security compliance against applications/systems/databases/networks.

·         Provide assistance to develop, implement, and maintain organization-wide Information Security Policies, Programs, Standards. Technologies and Compliance.

·         Provide assistance to develop, maintain, enhance, implement and monitor information (Cyber/network/data) security management / information risk management processes / framework / methodologies compliance against CIA (Confidentiality, Integrity, and Availability) for applications/systems/databases/networks.

·         Ensure the confidentiality, integrity and availability of organization's information, data and IT services related to applications/systems/databases/networks.

·         Manage to provide a secure, reliable platform (applications, databases, systems and networks)

organization-wide and to authorized third parties with the assurance that the platform is appropriate to process sensitive information.

·         Conduct information security awareness sessions / workshops on regular basis.

·         Support in providing a centralized management structure for all information security functions.

·         Perform IT security risk assessments and reporting on ways to minimize threats.

·         Monitor security vulnerabilities and hacking threats in network and host systems.

·         Tracking latest IT security innovations and keeping abreast of latest cyber security technologies

·         Ensure disaster recovery & business continuity.

·         Perform internal information security audits on regular intervals against all technologies.

·         Communicate with key stakeholders about IT security threats.

·         Implement an effective process for the reporting of security incidents.

·         In Case of a Security Breach, leads incident response activities to minimize the impact of a Security Breach. Technical and forensic investigation into how the breach happened and the extent of the damage.

·         Overseeing the investigation of reported security breaches.

·         Develop strategies to handle security incidents and trigger investigations.

·         Manage/deliver training, coaching, and mentoring to information security team members.

·         Comply with the latest regulations and compliance requirements.

·         Keep organization updated about the latest security strategies and technologies.

·         Ensure compliance to legal, regulatory & contractual information security requirements.

·         Lead the security design for all departmental projects, developments, integrations, third party integrations, highlight and clearly articulate risk mitigation requirement.

·         Lead the escalation and resolution of risk and compliance issues with appropriate stakeholders.

·         Collect, analyse, and prepare reports required for senior management, regulators, and other relevant stakeholders

·         Provide routine direction on remediation activity to meet compliance

·         Improve existing compliance programs and processes

·         Design and execute audit procedures to assess and measure company compliance with its security policies and procedures

·         Manage compliance testing and monitoring of current and future regulatory obligations, and other regulatory matters as required.

·         Improve existing compliance programs and processes.

·         Conduct internal security risk assessments and security compliance audits.

·         Ensure that cybersecurity is truly a central part of organizational culture, keeping stakeholders at all levels informed and vigilant.

·         Any task assigned by management.