date 2021-06-18
Information Security Governance
- Establish, communicate and maintain Information Security policies, standards, procedures and other documentation that support Information Security.
- Facilitate the development of an Information Security strategy aligned with the University’s IT governance model and its strategic goals and objectives.
- Identify current and potential legal and regulatory requirements affecting Information Security.
- Establish reporting and communication channels that support Information Security.
Information Security Risk Management
- Establish a process for information asset classification and ownership.
- Implement a structured information risk assessment mitigation and reporting process.
- Ensure that threat and vulnerability evaluations are performed on an ongoing basis.
- Identify and periodically evaluate Information Security controls and countermeasures to mitigate risk to acceptable levels.
- Integrate risk, threat and vulnerability identification and management into operational management and program delivery processes.
Information Security Program Development
- Ensure the development of Information Security architectures (considering people, information, processes and technology).
- Develop and maintain plans to implement the Information Security strategy ensuring alignment with other assurance functions.
- Specify the activities to be performed within the Information Security program / projects.
- Develop a program for Information Security awareness, training and education.
- Recommend and advise on Information Security requirements for the organisation's processes and lifecycle activities (e.g., change control, software development, employment, procurement).
- Advise on the integration of Information Security controls into contracts.
- Establish metrics to evaluate the effectiveness of the Information Security program.
Information Security Program Management
- Oversee the execution of Information Security programs.
- Oversee the performance of contractually agreed information security controls (e.g., with joint ventures, outsourced providers, business partners, third parties).
- Provide Information Security advice and guidance (e.g., risk analysis, control selection) across the institution.
- Provide Information Security awareness, training and education to stakeholders (e.g., business process owners).
- Monitor, measure and report on the effectiveness and efficiency of Information Security controls and compliance with Information Security policies.
Information Security Incident Management and Response
- Develop and maintain plans to respond to and document Information Security incidents.
- Develop and implement processes for preventing, detecting, identifying, analysing and responding to Information Security incidents.
- Establish escalation and communication processes and lines of authority.
- Track and facilitate the investigation of Information Security incidents (e.g., forensics, evidence collection and preservation, log analysis, interviewing).
- Develop a process to communicate with internal and external stakeholders (e.g., media, law enforcement, staff and students).
- Integrate Information Security incident response plans with the institution’s disaster recovery and business continuity plan.
- Formulate training and awareness programs for Information Security incident response.
- Provide guidance on the resolution of major Information Security incidents.
- Facilitate reviews to identify root causes of Information Security incidents, facilitate corrective actions and re-assess risk.
QUALIFICATIONS, SKILLS AND EXPERIENCE REQUIREMENTS
- Undergraduate or master's degree, preferably in Business Management, Information Systems, Computer Science, Engineering or a related major, and/or
- 8+ years' experience in IT, Information Security and Risk Management
- Knowledge of global data privacy requirements and of a broad range of security technologies/products, standards and methodologies
- Information Security industry-standard certifications such as CRISC, CISA, CISM or CISSP would be advantageous
- Security experience within a large complex corporate environment
- Development of security plans, strategies, roadmaps, methodologies and frameworks
- Familiarity with the use of standard security technology solutions and processes such as: access control, user provisioning, Active Directory, MFA, SIEM, vulnerability management, access security brokers, data loss prevention solutions, anti-virus, single sign-on, and cryptography
- Knowledge of common web technologies, enterprise and network architecture.
- Secure development life cycle methodologies.
- Programming or scripting languages
Desired Skills:
- Programming
- Information System
- Architecture
- Business Management
Desired Work Experience:
- More than 10 years in Investments, Insurance & Assurance
- More than 10 years in Systems / Network Administration
Desired Qualification Level:
- Master's