Role Overview:
To manage and oversee the information security of a company, including its systems and data. Ensure that information created, acquired or maintained by Org and its authorized users is in accordance with its intended purpose and complies with statutory and regulatory requirements regarding information access, security and privacy, in order to protect information and its infrastructure from external and internal threats.
Information Security Framework:
- Develop, update and drive the policies, processes, systems, guidelines & best practices related to information security to protect sensitive information and assets.
- Establish & monitor the governance structure for data storage, usage & access control.
- Establish and communicate organizational cybersecurity policy.
- Develop information security roadmaps and business cases, and review remediation plans.
Risk Management:
- Conduct regular risk assessments to identify potential security threats and vulnerabilities and develop strategies to mitigate these risks.
- Support information security risk assessments for all new projects/business initiatives and prepare risk reports for the stakeholders involved, to ensure that the risks are taken into consideration during implementation.
- Ensure compliance with relevant laws, regulations, and industry standards, such as the Payment Card Industry Data Security Standard (PCI DSS) and the General Data Protection Regulation (GDPR).
- Develop processes and frameworks to measure the organization's information security compliance level, to ensure all external and internal policies are adhered to.
Incident Reporting and Response System:
- Develop an information security incident monitoring and reporting system to continuously monitor information security breaches, policy violations or complaints from external and internal parties.
- Lead incident response efforts in the event of a security breach, and work with law enforcement and other relevant organizations to investigate and resolve the incident.
- Investigate potential privacy incidents, complaints or breaches, including notifications to authorities and other resolution efforts.
- Conduct internal line of duty investigations, analyse their findings, and recommend incorporating suitable changes into the action plans and policies/systems.