Assistant IT Manager (Security & Compliance)

Assistant IT Manager (Security & Compliance)

Collaborate with the security consultancy firm to develop IT/OT security policies and procedures based on ISO 27001 standards.

• Ensure policies align with the organization's needs and compliance requirements.
• Conduct regular audits and assessments to ensure compliance with ISO 27001 and other relevant standards.
• Develop and implement governance frameworks and SOPs to ensure data security and compliance.
• Review all gap assessments to identify vulnerabilities and areas of non-compliance.
• Develop and execute remediation plans to address identified gaps.
• Understand the organization's IT business operations to ensure security measures are integrated seamlessly.
• Work closely with IT teams to implement and manage security solutions that support business objectives.
• Identify potential security risks and develop strategies to mitigate them.
• Monitor and respond to security incidents, conducting root cause analysis and implementing corrective actions.
• Develop and deliver security awareness training programs for employees.
• Promote a culture of security within the organization.
• Serve as the primary liaison between the organization and the security consultancy firm.
• Coordinate with other departments to ensure alignment on security and governance initiatives.

Job Requirements:

• Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field. A Master’s degree is preferred.
• Minimum of 7-10 years of experience in IT security and governance, with a strong focus on compliance.
• Proven track record of developing and implementing IT security policies and procedures at a senior level.
• Experience working with security consultancy firms.

Skills

• Knowledge of IT business operations and integration of security measures.
• Extensive knowledge of ISO 27001 standards and compliance requirements.
• Knowledge of Operation Technology in automation and control system and IEC62443.
• Relevant certifications such as CISSP, CISM, CISA, or ISO 27001 Lead Implementer/Auditor are highly preferred.
• Superior analytical and problem-solving skills.
• Ability to conduct comprehensive investigations and root cause analysis.
• Exceptional verbal and written communication skills.
• Ability to clearly articulate security concepts and strategies to both technical and non-technical stakeholders, including top management.
• Proven leadership skills with the ability to drive security initiatives and foster a security-first culture.
• Strong ability to work effectively with cross-functional teams and third-party consultancy firms.
• Strong project management skills, with experience leading complex security projects from inception to completion.
• Ability to think strategically about the organization's security needs and develop long-term plans to meet those needs.