- Develop, implement, and maintain an effective information security program in accordance with industry best practices and regulatory requirements.
- Conduct regular risk assessments and vulnerability assessments to identify potential security threats and vulnerabilities.
- Develop and implement risk mitigation strategies and security controls to minimize risks to the organization's information assets.
- Monitor security controls and systems to detect and respond to security incidents and breaches in a timely manner.
- Lead incident response activities, including investigation, containment, remediation, and reporting of security incidents.
- Collaborate with internal stakeholders to ensure that information security policies, procedures, and standards are effectively communicated and enforced throughout the organization.
- Provide guidance and support to IT teams and business units on security-related matters, including secure software development practices, network security, and data protection.
- Stay informed about emerging threats, vulnerabilities, and security technologies, and recommend appropriate measures to mitigate risks.
- Conduct security awareness training and educational programs to promote a culture of security awareness among employees.
- Liaise with external auditors, regulators, and third-party vendors to ensure compliance with relevant security standards and regulations.
- Prepare and maintain documentation related to information security policies, procedures, standards, and incident response plans.
- Participate in strategic planning and budgeting processes to align information security initiatives with business objectives and priorities.
Requirements
- Minimum of 6 years of proven experience in the IT field, including at least 2 years in information security management, risk management, or related roles.
- In-depth knowledge of cybersecurity principles, standards, frameworks (e.g., NIST, ISO/IEC 27001), and regulations (e.g., GDPR, HIPAA, PCI DSS).
- Experience conducting risk assessments, vulnerability assessments, and penetration testing.
- Strong analytical and problem-solving skills, with the ability to assess complex security issues and develop effective solutions.
- Excellent communication and interpersonal skills, with the ability to interact effectively with stakeholders at all levels of the organization.
- Experience leading incident response activities and managing security incidents and breaches.
- Familiarity with security technologies and tools, such as SIEM, IDS/IPS, DLP, endpoint protection, and encryption.
- Ability to work independently and collaboratively in a fast-paced environment, with a strong focus on results and attention to detail.
- Knowledge of cloud security principles and best practices is a plus.