INFORMATION SECURITY OFFICER

Develop and implement an information security program, which includes procedures and policies designed to protect enterprise communications, systems and assets from both internal and external threats.

Duties and Responsibilities

• Establishes and enforces security policies and procedures to protect the Group’s IT infrastructure, networks and data.

• Ensures appropriate administrative, physical and technical safeguards are in place to protect the Group’s information assets from internal and external threats. Manage the mitigation of risk related to internal and external data breaches and cyber attacks

• Act as the committed owner of the security incident and vulnerability management processes from design to implementation and beyond.

• In conjunction with the HR department, conduct security training and awareness programs.

• Research and coordinate the installation of security solutions to monitor activity across all the corporate networks.

• Plan and coordinate security penetration and vulnerability testing against high risk applications or servers and information classifications.

• Work with stakeholders to ensure Information Security considerations are part of any strategic initiative.

• Ensure existing application security controls are adequate or identify those that require improvement. Support application security initiatives to ensure the software applications do not pose Information Security risks to the Group.

• Ensures Group wide disaster recovery and incident response plans are in place and regular simulations and tests are carried out.

• Acts proactively to reduce the risk of Cyber Security incidents by ensuring intrusion detection and prevention systems, firewalls, effective physical safeguards, and data loss prevention systems are in place.

• Assists other departments to ensure regulatory and card scheme compliance in areas such as Payment Card Industry – Data Security Standards (PCI-DSS) and GDPR.

• Perform Information Security risk assessments for new and existing systems, and taking the Group’s goals and business processes and objectives into account, recommend effective controls for those areas presenting the greatest information security risk.

• Any other duties ancillary or related to the foregoing.

Qualifications and Experience

• A Bachelor’s Degree in Computer Science or a related discipline.

• At least 2 years worked experience with an in-depth knowledge of Information Security risk and industry best practices.

• Certification in a related discipline e.g. CISSP, CISA  or other security certification, CISCO CCNA, CompTIA Security+

Knowledge/Skills and Abilities

• Strong interpersonal and communication skills.

• Excellent analytical and critical thinking skills.

• Demonstrate ethical behaviour, the ability to recognize and deal appropriately with confidential and sensitive information, and maintain the highest levels of confidentiality

• Ability to work unsupervised

• Time management

• A drive to learn more

• Ability to work as a member of a team.

• Required to lift medium weight equipment, e.g. computers, printers, servers etc, with the appropriate assistance (e.g. more than one person when necessary)

• Required to work periodically outside of normal office hours

Working Conditions

• Working conditions are normal for an office environment.

• Work may require occasional weekends and/or evening work

Contacts

• All staff and management in the Group.
   
• Periodic contact with elected committee members.