ISMS Support Specialist

Job Description:

• Establishes, implements, and maintains Information Security policies, procedures and controls for the company and continually ensures that the company’s policies and procedures comply with applicable Standards.
• Understands the entire information life cycle and build a governance regime with focus on security and protection controls across the stages.
• Help to create, manage and periodically test a comprehensive incident response plan in the event of an unauthorized disclosure of customer and employee data
• Develops and implements preventive & corrective action plans for identified compliance issues and collaborates with operational teams to implement and maintain any required safeguards and remedial measures
• Maintain an Information Security risk register, conduct periodic risk assessments, designs controls for identified risks and oversee the implementation and ongoing maintenance.
• Conduct project reviews from Information Security perspective and data privacy impact assessments for all new and existing projects, vendor engagements and contractual reviews.
• Administers delivery of training on IS policies and procedures to all employees as well as appropriate third parties and maintains documentation of all training provided.
• Remains abreast of the industry trends and updates on information security issues (as appliable on data privacy issues) and topics.
• Participates in new business initiatives and product development activities to promote and implement functionality necessary to support required IS and data privacy compliance capabilities.
• Conduct Review & Provide input / feedback on security architectures of the Project(s)
• Participate in Product / Project Cyber Security Assessment reviews along with the Project teams as applicable.
• Collaborates with internal and external functions to ensure that IS (and privacy) compliance is always maintained.

• Authorized to Conduct Review & Provide input / feedback on Information Security architectures of the Project(s)
• Authorized to review and approve technical documents as per enterprise requirements
• Authorized to follow up on document updates and trainings

• 5 -6 years’ experience with ISO 27001 / BS 10012 / Security Architect and /or Engineering
• A legal, compliance, IT security or audit background
• Intermediate understanding of application College degree or / equivalent and 5-8 years related work experience, required
• / product security, Network and infrastructure security, Identity and Access management, IS Protection and Privacy controls - logical and technical, 3rd Party Security, Incident / Business Continuity / Compliance Management
• Possess a solid understanding and have experience with systems automation platforms and different technologies
• Experience with enterprise applications (architecture, development, support, and troubleshooting)