ESSENTIAL DUTIES AND RESPONSIBILITIES FOR ISO
1. Creates information security strategies, both short-term and long-term, in support of the Organization’s goals.
2. Directs an ongoing, proactive risk assessment program for all new and existing systems and remains familiar with the Organization’s goals and business processes so effective controls can be put in place for those areas presenting the greatest information security risk.
3. Coordinates the activities of Information Security so that security decisions do not interrupt business processes while maintaining the confidentiality, integrity, and availability of Organization’s information.
4. Ensures vulnerabilities are managed by directing periodic vulnerability scans of servers and all endpoints connected to EEDC’s networks.
5. Develops information security awareness training and education programs for staff and vendors.
6. Acts proactively to prevent potential disaster situations by ensuring that proper protections are in place, such as intrusion detection and prevention systems, firewalls, and effective physical safeguards, and ensuring a business continuity/disaster recovery plan is in place to offset the effects caused by intentional and unintentional acts.
7. Evaluates security incidents and determines what response, if any, is needed and coordinates responses, including technical incident response teams, when sensitive information is breached.
8. Remains competent and current through self-directed professional reading, developing professional contacts with colleagues, attending professional development courses, attending training, conferences, and/or courses as directed by the supervisor, and obtaining certifications relevant to job duties.
9. Contributes to the overall success of the Organization by performing all other duties and responsibilities as assigned.
10. Escalates information security incidents to the Head IT where necessary and provides guidance and direction for mitigations.
11. Reviews information security policies at least annually or when significant changes occur in the information security implementation.
12. Ensures that EEDC implements a sound methodology for managing information security consistent with the ISO 27001 standards.
13. Assesses the effectiveness of EEDC’s information security programme.
14. Ensures EEDC adequately budgets for information security.
1. Minimum of Bachelor's degree in Computer Science or a related field with relevant certifications
2. 3-5 years of work experience in progressive IT Security
3. Excellent communication, documentation and presentation skills
4. Strong leadership and managerial skills
5. Good knowledge of regulatory compliance, including PCI DSS, NIST, etc.
6. A good understanding of security concepts such as DNS, authentication, VPN, proxy services and DDoS mitigation technologies is necessary. Experience with TCP/IP, routing and switching is also required.
7. Experience with frameworks like ISO 27001/27002, ITIL and COBIT
8. Must be proficient working with Windows and Unix-like operating systems
9. Familiar with the security of cloud-based infrastructure
10. Experience with risk management, network security of both on-premises and cloud infrastructure, and firewall management