Kalpataru - Cyber Information Security Officer - CISM/CISSP (7-10 yrs)
Specific Responsibilities include :
- Accountable for the development, implementation and monitoring of a strategic, comprehensive enterprise information security program to ensure the availability, integrity and confidentiality of information owned, controlled or processed by KALPATARU Group
- Works directly with the IT Security Team (In-house and Outsourced) on improvements and maintenance of an information security program which, through automated and continuous monitoring, detects, contains and mitigates incidents that impair information security systems (e.g., antivirus software, firewalls, other security systems)
- Provide leadership across KALPATARU Group in the development and implementation of IS security processes, policies, practices and services;
- Provide leadership in the analysis and discussion of security policy, standards and practices; and guide the acquisition of advanced security technology;
- Responsible for information protection policy compliance including network security architecture, network access and monitoring, and employee education and awareness
- Lead and collaborate with Information Services colleagues in the monitoring, assessment and testing of security solutions;
- Provide leadership, guidance, evaluation and advocacy for institutional security audit responses
- Evaluate risk and act expeditiously in making decisions and recommendations, while considering the technology environment, as well as the varying needs and viewpoints of the KALPATARU Group community;
- Lead and coordinate institutional responses to security incidents, providing timely reports during the incident and response, as well as proposing solutions to anticipate, prevent or mitigate future incidents;
- Provide leadership, guidance and investigation regarding information security policy and security education and training;
- Document and publish security standards, processes and procedures that KALPATARU Group is expected to meet.
- Establishes organizational security protocols requiring user identification and passwords, and protects networks from internal and external threats
- Advises management on information security issues and risks, performs and advises on security risk assessments, implements and maintains information security policies and procedures
- Collaborates with Internal Audit, Corporate Compliance, Information Services and Enterprise Risk to develop, document and implement procedures for handling security breaches
- Develops and maintains an information security risk mitigation plan, including leading the security incident response team in prevention, investigation, mitigation and reporting activities
- Oversees complaint, incident, preventative, and investigative programs related to information security policies
- Participates in the development, implementation and on-going compliance-monitoring of all information-sharing relationships to ensure security concerns, requirements and responsibilities are addressed.
- Plans, develops and oversees an information security review and due diligence process for new facilities, information technologies and environments.
- Ensures appropriate organizational policies, procedures, technical systems and workforce training on information and cyber security. Leads information security awareness training initiatives.
- Oversees outside consultants for independent security audits, engagements and monitoring, including regular penetration testing.
- Stays up-to-date on technology news, researching new security technology and safety protocols.
- Ensures audit and access control processes are defined and being followed for minimum necessary access to confidential data.
- Balances information security needs with the organization's strategic business plan, identifies risk factors, and determines solutions.
- Performs other duties as assigned.
Required Qualifications :
- A bachelor's degree required in computer science, information systems management, business administration, or a related field.
- Certification as a Certified Information Systems Security Professional (CISSP), Certified Chief Information Security Officer (CCISO), or Certified Information Security Manager (CISM);
Preferred Qualifications :
- Direct experience in the specific technical areas of systems administration, applications development, database administration, network operations, or data centre operations;
- Demonstrated experience with technology policy and security administration;
- Demonstrated leadership experience;
- Demonstrated accomplishments in program leadership, policy development, and project management;
- Demonstrated strong interpersonal and communications skills, plus the ability to achieve goals through influence, collaboration and cooperation;
- Demonstrated ability to work with senior staff and senior technical personnel;
- Knowledge of computer forensic investigation methodology and investigation tools to collect, analyse, and preserve electronic evidence;
- Integrity and high standards of personal and professional conduct;
- Experience with IT security standards or frameworks such as ISO 27002
- Experience with technology policy and security administration is strongly desired;