Information Security Risk Compliance Manager

Descrption

Seeks an
Information Security Risk Compliance Manager who will have the responsibility
for several functions associated with IT security – from ensuring the security of
software to selecting and/or constructing and deploying broader network
security systems.

Scope of Work

Objectives:

The Information
Security Risk Compliance Manager oversees the organization's efforts in

• Risk
  assessment, Risk mitigation,
  
• Compliance
  management,
  
• Security
  governance, incident response, vendor risk management,
  
• Security
  awareness and training,
  
• Security
  audits and assessments, reporting and communication, continual
  improvement, and cross-functional collaboration.
  
• Their
  role is to ensure that the organization's systems, networks, and processes
  are secure, compliant with regulations and standards, and aligned with
  organizational goals and objectives.
  

Requirements

Responsibilities:

• Conduct
  risk assessments to identify potential threats and vulnerabilities to the
  organization.
  
• Develop
  and implement risk management strategies and policies to mitigate
  identified risks.
  
• Monitor
  and evaluate risk exposure across various departments and business units.
  
• Coordinate
  with stakeholders to ensure compliance with regulatory requirements and
  industry standards.
  
• Communicate
  risk management strategies and findings to senior management and relevant
  stakeholders.
  
• Lead
  the development and maintenance of the organization's risk register and
  risk management framework.
  
• Provide
  guidance and support to departments and teams in implementing risk
  mitigation measures.
  
• Conduct
  training and awareness programs on risk management principles and
  practices.
  
• Continuously
  monitor and review the effectiveness of risk management strategies and
  adjust as necessary.
  
• Stay
  updated on emerging risks and industry trends to proactively address
  potential threats to the organization.
  
• Maintain
  and enhance the company-wide security awareness program.
  
• Take
  ownership of establishing and enforcing security standards both within the
  team and across the organization. Work proactively and collaboratively to
  achieve change management and buy-in.
  

Deliverables:

• Compliance
  Management: Ensure compliance with relevant regulations, standards, and
  frameworks such as GDPR, HIPAA, ISO 27001, NIST, etc., by establishing and
  maintaining appropriate controls and processes.
  
• Risk
  Mitigation: Develop and oversee risk mitigation strategies and controls to
  address identified security risks, including implementing technical
  controls, security best practices, and security awareness training
  programs.
  
• Incident
  Response: Develop and implement incident response plans and procedures to
  effectively respond to and manage security incidents, including data
  breaches, cyberattacks, and security breaches.
  
• Vendor
  Risk Management: Assess and manage risks associated with third-party
  vendors and service providers, including evaluating their security
  posture, conducting due diligence assessments, and ensuring contractual compliance.
  
• Cross-functional
  collaboration: Collaborate with IT teams, legal, HR, compliance, and other
  departments to ensure a holistic approach to information security risk
  management and compliance.
  
• Continual
  Improvement: Monitor industry trends, emerging threats, and regulatory
  changes to ensure that the organization's information security risk and
  compliance programs remain up-todate and effective.
  

Preferred
Skills:

• Excellent
  verbal and written communication skills.
  
• Ability
  to work both independently and as part of a team.
  
• Knowledge
  of Networking (Firewall, Networking Protocols);
  
• Working
  knowledge Frameworks
  
• Working
  knowledge of Information Security Domains
  
• Working
  knowledge of Security protocols