Information Security Officer (Equivalent to Sr. Manager in India)

Position - Information Security Officer (Equivalent to Sr. Manager in India)

General Function

The Information Security Officer (ISO) plays the central role in implementing the vision and strategies of the Company to ensure the confidentiality, integrity, and availability of information by communicating risks to the management, creating and maintaining enforceable policies and supporting processes, and ensuring compliance with regulatory requirements. To support these activities, the ISO coordinates activities with other departments, including evaluation, procurement, and deployment of security-related products and develops and coordinates information security awareness and education programs. Additionally, the ISO ensures that an effective incident response plan is in place.

Qualifications and Experience

Education: A Bachelors degree in Engineering or Science.

Professional Certification CISSP, GIAC, CISA, CISM, etc.

Experience: At least 6-7 years of varied information technology experience is required. Applicable experience includes, but is not limited to, computer and networking infrastructure, operating systems, application software development, project management, regulatory compliance, risk management, and providing training. At least 4-5 years of direct experience in information security-related duties, including managing and directing IT security resources is required. Experience in a global organization setting is preferred.

Skills: (1) The ability to understand hardware and software systems; manage multiple concurrent projects; reason analytically; work with and train people possessing differing levels of technical knowledge. (2) Effective verbal and written communication skills in English and proficiency in writing security documents.

Duties and Responsibilities

1. Runs an ongoing, proactive risk assessment program for all new and existing systems and remains familiar with the Companys goals and business processes to ensure effective controls are put in place for those areas presenting the greatest information security risk.
2. Communicates risks and recommendations to mitigate risks to the management by communicating in non-technical, cost/benefit terms, so that decisions can be made to ensure the security of the information assets of the Company.
3. Oversees all ongoing activities related to the development, implementation, and maintenance of the Companys Information Security Management System (ISMS), including policies, procedures, and appropriate work practices.
4. Works with the business leadership of the Company on a wide range of security issues, including risk assessment, governance, data classification, policies, controls and procedures, vendor management, awareness, incident response, penetration testing and vulnerability assessment.

1. Ensures that the information security policies and procedures encompass security of information at rest or in transit and assists departments at different locations of the Company in local process and procedure development, ensuring they are not in conflict with the Companys policies.
2. Assists in ensuring regulatory compliance in areas such as ISO 27001, GDPR, PCI-DSS, HIPAA, etc.
3. Coordinates the activities of the Information Security Teams of the different Company locations for maintenance of the Information Security Management System and its continuous improvement.
4. Ensures vulnerabilities are managed by arranging periodic vulnerability scans of servers and critical network devices connected to the Companys networks.
5. Develops information security awareness training and education programs and works with HR to present these to the employees.
6. Works proactively to prevent potential disaster situations by ensuring that proper protections are in place, such as anti-malware solution, intrusion detection and prevention systems, firewalls, and effective physical safeguards, and by ensuring a business continuity/disaster recovery plan is in place to offset the effects caused by intentional and unintentional acts.
7. Evaluates security incidents and determines what response, if any, is needed and coordinates responses with the concerned departments, when sensitive information is breached.
8. Remains competent and current on the industry trends and security issues and services through self-directed professional reading, developing professional contacts, attending development courses, webinars, conferences, and/or courses.
9. Contributes to the overall success of the Company by performing all other duties and responsibilities as assigned.
10. Serves as the SPOC for all information security related interactions with existing and potential client organizations. These interactions may be in the form answering client questionnaires or meeting on general or specific security issues.