Information Security, Business Continuity & Crisis Management
Full time
The individual in this role is tasked with the following responsibilities to ensure the effective implementation and management of the local Information Security Management System (ISMS):
1. Oversees ISMS Implementation and Controls: Manages the local implementation of the ISMS, ensuring that security controls and measures align with the organisation's overall framework and policies.
2. Local Information Security Compliance: Ensures the application and adherence to information security requirements at the local level, maintaining compliance with global standards.
3. Advises on Information Security Matters: Provides guidance to the site manager on matters related to information security, ensuring that potential risks and vulnerabilities are appropriately addressed.
4. Supports Local Process Owners: Based on global directives, assists local process owners with information and asset inventory, classification, risk identification and assessment, as well as the definition and monitoring of appropriate security measures within business processes.
5. Integrates Security into Local Processes: Ensures that information security requirements are fully integrated into local business processes to maintain compliance and safeguard information assets.
6. Leads Awareness and Training Initiatives: Organises and manages local awareness and training programs on information security, ensuring a high level of employee participation, with demonstrable proof of engagement.
7. Manages Local Security Incidents: Handles local information security incidents promptly and in accordance with established protocols to mitigate risks.
8. Identifies Local Processes and Owners: Identifies all local processes within the ISMS scope and assigns the appropriate process owners, ensuring that these individuals are aware of the relevant policies.
9. Facilitates Risk and Protection Analysis: Works with process owners to analyse and determine the appropriate level of protection needed for each process, ensuring comprehensive risk assessments are performed.
10. Supports Security Measures Design and Documentation: Collaborates with process owners to design and document necessary information security measures, facilitating the creation of evidence documents that demonstrate the operational effectiveness of controls.
11. Ensures Asset and Application Reporting: Ensures that all process owners report on relevant assets, systems, and applications necessary to perform their respective processes, with particular attention to systems, applications, and infrastructure.
12. Assigns Risk Ownership: Allocates identified risks to the appropriate risk owner, ensuring their commitment to the role and associated responsibilities.
13. Supports Risk Mitigation: Works with risk owners to design suitable countermeasures to mitigate identified risks, ensuring an effective risk treatment process.
14. Consolidates Risk Treatment Reports: Collects and consolidates risk treatment progress reports from risk owners, ensuring that this information is accurately communicated to senior management.
15. Identifies Asset Owners: Identifies all relevant asset owners responsible for the assets and applications that support the processes within the ISMS scope.
16. Ensures Asset Owners are Informed: Ensures that asset owners are fully aware of the relevant policies and security requirements pertaining to their assets.
17. Guides Asset Risk Analysis: Instructs asset owners to perform risk analysis to identify vulnerabilities and necessary security controls, providing support as needed.
18. Supports Procedural Documentation: Assists asset owners in the creation, implementation, and documentation of procedural information security measures to ensure robust protection and compliance with ISMS requirements.
Profile and Qualifications
1. Bachelor's or Master's degree in Information Technology, Computer Science, Cybersecurity, Business Administration, or a related technical discipline.
2. IT security certifications are advantageous (e.g. ITIL: Information Technology Infrastructure Library, COBIT: Control Objectives for Information and Related Technology, CISA: Certified Information Systems Auditor, CISM: Certified Information Security Manager).
3. Information security certifications (ISMS Lead Implementer, ISMS Lead Auditor; additionally, accreditation by a certification body).
Professional Knowledge and Experience
1. 3+ years of experience in Cyber- or Information Security.
2. Good knowledge of management systems and audits, including handling audit findings.
3. Knowledge of security standards such as ISO, PCI, HIPAA and SOX.
4. Experience in multi-vendor management and dealing with multiple suppliers.
5. Familiarity with IT Service Management and the ITIL process framework.
6. Strong interpersonal skills in communication and collaboration, fostering effective teamwork and positive relationships.
7. Highly organised with robust project management skills, ensuring a structured and methodical approach to tasks and deadlines.
8. Strong analytical and problem-solving abilities, capable of assessing challenges and delivering effective solutions.
9. Proficient in financial management, with experience in budget ownership and oversight.