Implement security policies, standards, procedures, and guidelines for the organisation in compliance with ISO27001 and the security framework (SAF, MTSB program)
Assist in ISO27001 program implementation.
Define and implement security controls and processes across the Partners entities
Analyze and validate information security technical requests.
Provide consultation to local/regional teams to ensure that implemented technology solutions or controls meet the security standards
Coordinate with technology and business/stakeholders groups to assess, implement, and monitor IT-related security risks/hazards/controls.
Support security audits, and contribute to and follow up on the remediation of findings.
Perform security analysis and define and follow remediation actions
Work with Project Teams to ensure that locally implemented technology solutions meet the security standards, government rules and regulations.
Deliver training and instruction on security where required
Information Risk Management
Identify, report to Management, monitor and mitigate risks in IT security and compliance
Prepare monthly reports for the CISO on risk analysis reviews, security compliance reviews, etc., linked to the Security Framework (SAF, MTSB program)
Identify risks and define mitigation activities, analysis, review and follow-up actions, and report to the CISO.
Support and coordinate with entities in the risk analysis process and track to ensure action items are completed
Information Security Oversight monitoring and Governance
Support internal/external security audits and handle audit issues: corrective actions, tracking and reviewing status, following up, updating progress, and uploading documents to audit teams.
Follow up and consolidate monthly remediation audit reports
Implement transversal controls to monitor compliance with the organization's security policies and procedures among employees, contractors, alliances and other third parties, and take corrective action.
Follow up on existing security KPIs and KRIs.
Others
Define and assist in Data Classification and 3rd party Security projects
Monitor advancements in information security technologies.
Monitor changes in legislation and accreditation standards that affect information security.
KNOWLEDGE & SKILLS
Information Security Management: Proficient in the skill and able to train/provide advice to others in its application
IS Governance (ISMS)
Policy & Standards
Legal & Regulatory Environment
Third Party Management
Risk Assessment/Management
Implementing Secure Systems and Controls: Demonstrates the skill on a consistent basis and draws upon past experiences in its application; able to offer guidance to others.
Audit, Assurance and Review: Demonstrates the skill on a consistent basis and draws upon past experiences in its application; able to offer guidance to others.