Provide leadership to the organization's information security setup, governance, protection, response & recovery
Develop, implement and monitor a strategy for a comprehensive enterprise information security and IT risk management program
Drive and sustain ISO 27001 certification for the organisation and enhance the information security management framework
Develop and enhance the organization's information security policies & procedures.
Provide regular reporting on the current status of the information security program to senior management and the board of directors.
Coordinate information security and IT risk management projects.
Design and conduct security assessments to ensure operational security.
Review the organization's security posture/stance, threats and risks, and take appropriate actions to mitigate them.
Oversee the periodic internal and external statutory audits and track progress in addressing the gaps identified during the audits
Interface with the Systems and Network support and Business departments to effectively implement and monitor security policies & guidelines.
Select appropriate security solutions/tools and coordinate testing, deployment and implementation, as well as outsourced arrangements (vendor & contract management). Scan relevant developments/technologies and initiate/participate in pilot/exploratory projects.
Identify risks and build actionable plans to protect against cyber security incidents. Review investigations after breaches or incidents, including impact analysis and recommendations for avoiding similar vulnerabilities.
Conduct Vulnerability Assessment & Penetration Testing (VA/PT) and track progress in addressing the identified risks.
Guide & monitor the red team and cyber security drills
Manage information security and risk management awareness training programs for staff
Ensure that all Information security policies and procedures are communicated to all personnel and that compliance is enforced
Communicate best practices and risk advisories across the organization
Maintain current knowledge of the information security field and track new developments in rapidly changing technologies and threats