Security Policy Development and Implementation Develop, implement and maintain comprehensive information security policies, procedures, and guidelines. Ensure that security policies are aligned with business objectives and comply with regulatory requirements.
Risk Management Conduct regular risk assessments and vulnerability analyses. Identify potential threats and vulnerabilities and develop mitigation strategies. Implement and monitor security controls to manage and mitigate risks.
Incident Response Develop and maintain an incident response plan. Lead the response to security incidents and breaches, including investigation, containment, and recovery efforts. Conduct post-incident analyses and report findings to senior management.
Compliance and Auditing Ensure compliance with relevant regulations and standards (e.g., ISR DESC Standards, ISO 22301, ISO/IEC 27001). Coordinate and oversee internal and external security audits. Prepare and submit necessary compliance reports.
Security Awareness and Training Develop and deliver security awareness training programs for employees. Promote a culture of security awareness within the organization. Ensure that staff are aware of security policies and procedures.
Monitoring and Reporting Implement and manage security monitoring tools to detect and respond to threats. Regularly review security logs and reports to identify and address security issues. Regularly review security VAPT Reports and ensure they are closed.
Provide regular reports on the status of the information security program to senior management.
Collaboration and Advisory Work closely with IT and other departments to ensure security measures are integrated into all aspects of the organization's operations. Serve as a key advisor to senior management on information security matters.
Collaborate with external partners and stakeholders to ensure a comprehensive security posture.
Ability to prioritize a wide range of workloads with critical deadlines.
Availability outside of working hours to resolve emergency issues promptly.
Requirements
5-8 years of Information Security Governance, Risk, and Compliance experience.
Bachelor's degree in information security or a relevant degree.
Relevant certifications such as CISSP, CISM, CEH, ISO 27001 Lead Auditor, ISO 22301 Lead Auditor, or CISA are highly desirable.
Experience in implementing the ISR/DESC standards.
Main tasks:
Follow up on official correspondence and communications received by the Executive Director's Office, which include letters and e-mails to ensure that the necessary measures are taken.
Preserve correspondence and official documents within an integrated document preservation system.
Follow up on the status of messages received from all sectors and departments of the Authority.
Prepare for the evaluation of the Office of the Executive Director.
Cover the duties of the Executive Director's secretary during his vacation.
Prepare monthly reports related to correspondence to the Executive Director.
Manage incoming/outgoing correspondence from the Office of the Executive Director through the Tarasul system.
Follow up coordination with the office of the Director General and Chairman of the Board of Directors to ensure that all directives and instructions of the Director General and Chairman of the Board of Directors are implemented.
Ensure that correspondences that do not have a specific end date are not delayed for more than two months.
Ensure that all requirements are provided on time and that their completion is not delayed.
Receive messages (forms, minutes of meetings) that require the approval of the Executive Director and send them to the concerned authority upon approval.
Periodic follow-up and updating of the shared file.
Follow up on matters related to the Office of the Executive Director and prepare and implement the tasks assigned to me, including minutes of meetings and PowerPoint presentations.