Job Objectives
Delivers information security risk report and certification
Ensure the business comply with local and international certification and standards
Communicate and report risk metric to management
Work with relevant stakeholders in conducting project risk appraisal
Develop competent officers to take on managerial responsibilities.
Review operations approval request
Ensure approvals protect business assets
Duties & / Responsibilities
Deliver information security risk assessment of projects, new technologies, applications, service providers, IT changes and new businesses
Provide subject matters expertise on enterprise security architecture
Participate in the selection of technology and tools for business operations
Research applicable business technology for adoption for business improvement
Responsible for establishing the risk culture
Ensure risks are managed within the risk appetite of the business
Ensure risk management processes are properly documented and adequate.
Ensure all relevant personnel are aware of their risk responsibilities
Ensure continuous compliance with all PCI requirements
Ensure continuous compliance with VISA CVP requirements
Ensure continuous compliance with MasterCard GVCP requirements
Ensure continuous compliance with CUP PSP requirements
Requirements
Education Bachelor's Degree in information security, Cybersecurity, Computer Engineering, Computer Science, or a related field.
General Experience: Candidates should have a minimum of 10 years of experience in managing information security operations or incident response within complex organizations, business and financial operations, IT project operations and management.
Technical Skills: Proficiency in network and systems security, intrusion detection/prevention systems (IDS/IPS), EDR (Endpoint Detection Response), malware analysis, and familiarity with cybersecurity frameworks such as NIST CSF. Candidates should also have experience with various operating systems (e.g., Unix/Linux, Windows) and TCP/IP networking.