Security Officer job in Kraków / remotely

Security Officer

Project - the aim you'll have

Job Overview:

The Information Security Officer will play a crucial role in ensuring the organization’s information assets are well-protected and compliant with regulatory, industry, and internal security standards. The primary focus of this role is on compliance, government risk, risk management, business alignment, and adherence to ISO standards. The role requires strong leadership skills, a deep understanding of risk management and regulatory requirements, and the ability to work closely with various business units to ensure the successful implementation of security policies and practices.

Position - how you'll contribute
  1. Compliance Management:
    • Ensure that the organization complies with all relevant laws, regulations, and standards related to information security, such as GDPR, HIPAA, SOX, and other applicable industry-specific regulations.
    • Conduct regular audits and assessments to ensure continuous compliance with internal security policies and external regulatory requirements.
    • Coordinate with legal, audit, and compliance teams to maintain robust information security governance.
  2. ISO Standards and Certifications:
    • Lead efforts to maintain and achieve ISO 27001 certification and other relevant standards (e.g., ISO 22301 for business continuity).
    • Develop and maintain information security policies and procedures based on ISO standards, ensuring continuous improvement in alignment with evolving risks.
    • Conduct gap analysis, audits, and risk assessments to ensure adherence to ISO standards and provide recommendations for improvement.
  3. Business Alignment:
    • Collaborate with business units to integrate security requirements into core business processes and decision-making.
    • Provide guidance on the security implications of business initiatives, ensuring security measures are considered without hindering business operations.
    • Develop strong relationships with key stakeholders to ensure alignment between security policies and business objectives.
  4. Risk Management:
    • Perform risk assessments to identify vulnerabilities and threats to information assets and develop strategies to mitigate these risks.
    • Establish and maintain a risk management framework, ensuring that the organization proactively addresses security risks while remaining compliant with industry standards.
    • Oversee the development of incident response plans, disaster recovery, and business continuity plans to minimize the impact of security breaches.
  5. Security Awareness and Training:
    • Design and deliver security awareness training programs to employees at all levels, ensuring a culture of security across the organization.
    • Ensure employees are educated on compliance requirements and security policies to foster proactive behavior toward risk management.
  6. Vendor and Third-Party Management:
    • Assess the security posture of third-party vendors and partners, ensuring compliance with the organization’s security requirements.
    • Manage vendor contracts related to security services, ensuring they meet security and compliance standards.
  7. Reporting and Metrics:
    • Develop and maintain security metrics to track compliance, risk levels, and incident response performance.
    • Prepare and present regular security status reports to senior management and key stakeholders, highlighting compliance posture, risk mitigation efforts, and key security initiatives.
Expectations - the experience you need
  • Bachelor’s degree in Information Security, Cybersecurity, IT, or a related field. A master’s degree is a plus.
  • Professional certifications such as CISSP, CISM, CRISC, or ISO 27001 Lead Auditor/Implementer.
  • 5+ years of experience in information security, with a strong focus on compliance, ISO standards, and risk management.
  • Experience in managing ISO 27001 compliance and certification processes.
  • Knowledge of relevant regulatory frameworks such as GDPR, HIPAA, SOC 2, etc.
  • Strong understanding of risk management principles, including threat modeling and vulnerability assessments.
  • Excellent communication and interpersonal skills, with the ability to work collaboratively across departments.
  • Analytical thinking and problem-solving skills with a focus on business and security alignment.
  • Ability to manage multiple projects simultaneously while meeting deadlines.
Additional skills - the edge you have
  • Experience in a highly regulated industry such as finance, healthcare, or energy.
  • Familiarity with governance frameworks such as COBIT or NIST.
  • Experience working with senior leadership and cross-functional teams to implement security strategies.
Our offer – professional development, personal growth
  • Flexible employment and remote work: Decide on the form and conditions of your employment. *Applicable in: Poland & Latam & MD/RO
  • International projects with leading global clients: Work with the latest technologies for industry leaders. *Applicable in: Poland & Latam & MD/RO
  • International business trips: Travel to clients and work in their environments. *Applicable in: Poland & MD/RO
  • Non-corporate atmosphere: Work comfortably in a relaxed and inspiring atmosphere that does not enforce a dress code. *Applicable in: Poland & Latam & MD/RO
  • Language classes: Develop your skills at work – language classes come to you. *Applicable in: Poland & MD/RO
  • Internal & external training: Develop your competences and skills through skill centers and webinars. *Applicable in: Poland & MD/RO
  • Private healthcare and insurance: Take care of the health of you and your loved ones. *Applicable in: Poland & MD/RO
  • Multisport card: Work out, swim and enjoy other fun activities. *Applicable in: Poland & MD/RO - monthly sport budget
  • Well-being initiatives: Take part in activities that support your physical and mental health. *Applicable in: Poland & Latam & MD/RO
Security Officer
DevOps, Security & Cloud, Security, REF1554D, Kraków/Remote, B2B/UOP
