Title

Information Security Officer

Description

We are looking for an experienced Information Security Officer to join our team. The successful candidate will be responsible for establishing and maintaining a corporate-wide information security management program to ensure that information assets are adequately protected. This position is responsible for identifying, evaluating, and reporting on information security risks in a manner that meets compliance and regulatory requirements, and aligns with and supports the risk posture of the company. The ideal candidate will work with key stakeholders to define the IT security strategy and ensure that resources are utilized effectively. You will also be responsible for the development and implementation of security policies, standards, guidelines, and procedures to ensure ongoing maintenance of security.

Responsibilities

  • Develop and implement a strategic, long-term information security strategy.
  • Ensure that disaster recovery and business continuity plans are in place and tested.
  • Review and approve security policies, controls and cyber incident response planning.
  • Review investigations after breaches or incidents, including impact analysis and recommendations for avoiding similar vulnerabilities.
  • Ensure compliance with the changing laws and applicable regulations.
  • Translate complex risk management issues into practical mitigation strategies.
  • Ensure that security is embedded in the project delivery process by providing the appropriate information security policies, practices, and guidelines.
  • Oversee security awareness programs and educational efforts.
  • Respond immediately to security-related incidents and provide a thorough post-event analysis.
  • Update and upgrade security systems as needed.

Requirements

  • Proven experience as an Information Security Officer or similar role.
  • Experience with audits and regulatory compliance.
  • Knowledge of risk assessment tools, technologies and methods.
  • Experience designing secure networks, systems and application architectures.
  • Knowledge of disaster recovery, computer forensic tools, technologies and methods.
  • Experience planning, researching and developing security policies, standards and procedures.
  • Professional certification (e.g. Certified Information Systems Security Professional (CISSP)).
  • Experience with anti-virus software, intrusion detection, firewalls and content filtering.
  • Knowledge of web-related technologies (Web applications, Web Services, Service Oriented Architectures) and of network/web-related protocols.
  • Problem-solving skills and the ability to work under pressure.

Potential interview questions

  • What is your experience with developing and implementing a strategic, long-term information security strategy?
  • Can you describe a time when you had to respond to a security-related incident? What was your role and how did you handle it?
  • What is your experience with audits and regulatory compliance?
  • Can you describe a time when you had to translate complex risk management issues into practical mitigation strategies?
  • What is your experience with disaster recovery, computer forensic tools, technologies and methods?