• Develops, implements, and monitors a strategic, comprehensive enterprise information security and IT risk management program.
• Works directly with the business units to facilitate risk assessment and risk management processes.
• Develops and enhances an information security policy and supporting frameworks.
• Understands and interacts with related business units to ensure the consistent application of policies and standards across all technology projects, systems, and services.
• Partners with business stakeholders across the company to raise awareness of risk management concerns.
• Assists with the overall business technology planning, providing current knowledge and a future vision of secure technology and systems.
• Creates annual operating plans for all information security initiatives, for required budget approvals, in line with the planned information security strategy implementation roadmap.
• Establishes performance management metrics for the Information Security Office, with critical success factors and thresholds, and monitors the key performance indicators.
Information Security Risk Assessments, Audits, and Certifications:
• Defines and develops the information security risk management framework used to manage risks.
• Identifies, evaluates, categorizes, and proposes risk mitigation controls.
• Conducts periodic risk assessments and presents a report to Management to ensure that risks are not duplicated by, or in contradiction with, other management systems.
• Periodically determines compliance with defined policies or standards.
• Maintains a risk register and tracks all risks and their treatments in order to inform Executive Management.
• Bachelor’s degree in Computer Science, Computer Engineering, Information Systems Management, Information Security, or a related field.
• Master’s degree in Executive Business Administration or Computer Systems Security.
• IT security certifications such as CISSP/GICSP/CISM/CISA/CRISC/CEH/etc.
10+ years’ experience in technology, with 7+ years in cyber/information security, including leadership roles. Solid experience creating systems to implement an information security strategy, frameworks, and roadmap.