Roles and Responsibilities:
- Implementing policies and procedures to keep the organization in compliance with current legislation and standards.
- Providing employees with security training. It is critical that all employees understand how their everyday job actions affect the overall security of the company. Training staff on defined policies and procedures on an ongoing basis.
- Facilitating corrective and preventive action if an employee breaks the policies or procedures. Understanding the security threats connected with various job functions is part of this.
- Collaborating with employees to understand how the policies affect their regular work activities.
- Keeping the infrastructure secure by supervising the IT auditing procedure (e.g., penetration testing, vulnerability assessments, etc.). You will also be in charge of assessing all audit results and making necessary infrastructure adjustments.
- Ensuring that the company’s data is protected using the most secure technologies available. This means you’ll have to keep up with new threats, vulnerabilities, and exploits as they emerge.
- Being aware of the potential impact new threats may have on your network infrastructure and existing security procedures.
- Maintaining the security of all applications, networks, and systems that interact with the outside world. This involves ensuring that all third-party service providers are held to the same security standards as internal users.
- Serving as a point of contact for high-risk vulnerabilities and incidents. This includes assessing the risk associated with new threats, vulnerabilities, and exploits before deciding how to respond to them. You must also be able to decide when to inform senior management about emerging threats and their possible impact on your organization’s infrastructure.
- Leading on compliance reviews, certifications and accreditations (e.g. ISO 27001, Cyber Essentials, DPDP Act, etc.).
- Implementing effective and appropriate GRC controls and measures to protect systems and data.
- Identifying, communicating and managing current and emerging security threats with relevant stakeholders.
- Developing information security compliance frameworks, security policies and procedures, where necessary.
- Working with business, internal IT and third-party vendor teams to promote and adopt security best practices.
- Validating IT infrastructure and other reference architectures against security best practices and recommending changes to enhance security and reduce risk, where applicable.
- Working with the Global Information Security Team, security partners and the Managed Security Service Provider (MSSP) to conduct and review regular security assessments (penetration tests, vulnerability scans, etc.) of vendors and solutions (SaaS and IaaS providers and the MSSP).
Qualifications:
- Comprehensive understanding of information security frameworks (e.g. ISO 27001, SOC 2, NIST CSF, COBIT, etc.).
- Experience monitoring and reporting on compliance with security and data protection policies, as well as enforcing those policies.
- Working knowledge of security architecture and the potential security issues related to PaaS, IaaS and SaaS, with an understanding of IAM and Data Loss Prevention in an AWS environment.
- Knowledge of security technologies such as EDR, DLP, vulnerability management and firewalls.
- Familiarity with HMG Security Policy Framework requirements and Government Security Classifications.