Position Overview
As a Security and Compliance Officer, you will be responsible for establishing and maintaining a robust security framework and ensuring compliance with all applicable laws, regulations, and standards. Your role is critical in protecting our organization's digital assets, managing risks, and ensuring that our operations adhere to ethical practices and legal requirements. You will bring a wealth of knowledge in cybersecurity, risk assessment, and compliance frameworks to maintain the integrity and confidentiality of our information systems.

Key Responsibilities

1. Security Strategy Development:
➢ Develop, implement, and oversee a comprehensive information security program to ensure the integrity, confidentiality, and availability of electronic information.
➢ Lead the development of organization-wide security policies, standards, and guidelines.

2. Compliance Management:
➢ Ensure the organization's compliance with industry standards, regulatory requirements, and internal policies.
➢ Conduct regular audits and reviews to assess compliance, identifying potential vulnerabilities and non-compliance issues.

3. Risk Assessment and Mitigation:
➢ Perform regular risk assessments, identifying threats to the confidentiality, integrity, and availability of company information assets.
➢ Develop and implement risk mitigation strategies and plans.

4. Incident Response and Investigation:
➢ Manage and respond to security incidents, establishing protocols to minimize the impact.
➢ Oversee the investigation of security breaches and assist with disciplinary and legal matters associated with such breaches.

5. Training and Awareness:
➢ Develop and deliver education and training programs on information security and compliance to all employees.
➢ Promote a culture of security awareness throughout the organization.

6. Vendor and Third-Party Risk Management:
➢ Evaluate the security and compliance controls of third-party vendors and service providers.
➢ Manage the due diligence process and ongoing monitoring of third-party relationships concerning security requirements.

7. Technology and Security Monitoring:
➢ Oversee the operation of the organization's security infrastructure and software.
➢ Keep abreast of the latest security and privacy legislation, regulations, advisories, alerts, and vulnerabilities pertaining to the organization.

Qualifications
➢ Bachelor’s or Master’s degree in Information Security, Cybersecurity, Computer Science, or a related field.
➢ Professional certifications such as CISSP, CISM, CISA, or similar.
➢ Extensive knowledge of information security principles, frameworks (e.g., NIST, ISO 27001), and regulations (e.g., GDPR, HIPAA).
➢ Proven experience in risk assessment, incident response, and compliance management.
➢ Strong understanding of cloud infrastructure, database security, and data encryption techniques.
➢ Excellent analytical and problem-solving skills, with the ability to manage complex situations.
➢ Strong leadership qualities and the ability to work effectively with both IT teams and senior management.
➢ Excellent communication skills, capable of clearly presenting complex security and compliance topics to a variety of audiences.