IT Information Security Manager

ROLE PURPOSE:

Leads the over-all IT risk management programs and activities and ensures adherence of IT systems to all applicable laws and regulatory requirements to prevent possible losses emanating from non-compliance.

DELIVERABLES:

• Designs the information security architecture and drafts policies/procedures of the enterprise for approval
• Manage info-sec projects for the enterprise or specific to a business unit.
• Maintains Enterprise Data Privacy Compliance Management plan.
• Ensures it is updates and provide recommendations to improve the plan.
• Conduct regular assessment and gap analysis of existing IT systems, then identify areas for improvement and monitor action plans.
• Ensures delivery of these projects on-time and in scope. Manages team members and other resources.
• Assess info-sec technical solutions and provide recommendations.
• Reviews the info-sec related requirements of the projects and provide recommendations. Participates in the solutions delivery.
• Organize Info Sec steercom meetings. Present project status updates, seek approvals on drafted policies and procedures, etc.
• Project-manage the compliance initiatives across the enterprise through the business units’ respective Data Protection Officers.
• Perform vulnerability assessment and penetration tests of servers, networks or apps
• Acts as incident manager for info sec related incidents and breaches
• Perform compliance checks to info-sec related regulatory requirements. Provide recommendations.
• Implement info-sec awareness across the enterprise
• Ensure closure of info sec related risks and issues
• Implement and maintain technical and procedural controls to protect information flow across networks
• Information security policies
• Performs compliance audit and reviews of business units
• Launch/Execute DPA compliance awareness programs
• Maintains the group’s Risk Management assessment and mitigation initiatives. Ensures it is comprehensive and kept updated
• Execute risk awareness programs
• Ensures that the group complies with all regulatory compliance requirements. Monitor/review responsible units to comply accordingly
• Facilitates and assists in internal and external audit engagements. Ensures closure of audit findings
• Prepare, submit and monitor consolidated IT group's risk registry and compliance reports
• Maintain and update the IT Security compliance database
• Manages data storage and management to ensure data privacy is upheld
• Provides policies and guidelines on how to store and distribute data
• Assesses technical solutions related to data repository

• Bachelor's degree holder in IT, Computer Science
• At least 5 years experience in IT Management or in information security, risk and compliance
• Knowledge in SAP, Agile, SCRUM and related applications is an advantage
• Experience in Cybersecurity