Posted in: IT & Systems
Job Code: 1537073
Job Summary:
- We are seeking a highly motivated and experienced Information Security Governance Specialist/Manager to join our team.
- In this role, you will be responsible for developing, implementing, and maintaining our information security governance framework, ensuring alignment with industry best practices and regulatory requirements.
- You will work closely with stakeholders across the organization to promote a strong security culture and ensure the protection of our information assets.
- The ideal candidate will possess a deep understanding of information security principles, excellent communication skills, and a proven track record of implementing effective governance programs.
Responsibilities:
Governance Framework Development and Implementation:
- Develop and maintain the organization's information security governance framework, including policies, standards, and procedures.
- Ensure alignment with industry best practices (e.g., ISO 27001, NIST CSF) and regulatory requirements (e.g., GDPR, HIPAA, PCI DSS).
- Implement and monitor security controls to mitigate risks and ensure compliance.
- Establish and maintain a risk management framework for information security.
Policy and Standard Management:
- Develop, review, and update information security policies, standards, and guidelines.
- Communicate policies and standards effectively to all stakeholders.
- Ensure policies and standards are consistently applied across the organization.
Risk Assessment and Management:
- Conduct regular risk assessments to identify and evaluate information security risks.
- Develop and implement risk mitigation strategies and controls.
- Monitor and report on risk management activities.
Compliance Management:
- Ensure compliance with relevant laws, regulations, and industry standards.
- Conduct internal and external audits to assess compliance.
- Develop and implement corrective action plans to address compliance gaps.
- Maintain documentation for compliance activities.
Security Awareness and Training:
- Develop and deliver information security awareness and training programs.
- Promote a strong security culture across the organization.
- Educate employees on their roles and responsibilities in protecting information assets.
Incident Response and Management:
- Participate in incident response activities, including investigation and remediation.
- Develop and maintain incident response plans and procedures.
- Conduct post-incident reviews and implement lessons learned.
Vendor Security Management:
- Assess and manage the security risks associated with third-party vendors and partners.
- Develop and implement vendor security policies and procedures.
- Conduct vendor security assessments and audits.
Reporting and Communication:
- Prepare and present reports on information security governance activities to senior management.
- Communicate security risks and compliance status to stakeholders.
- Maintain accurate and up-to-date documentation.
Continuous Improvement:
- Stay up to date with the latest information security trends and technologies.
- Identify opportunities to improve the organization's security posture.
- Implement continuous improvement initiatives for security governance processes.
Qualifications:
Education:
- Bachelor's degree in Information Security, Computer Science, or a related field.
Experience:
- 3 years of experience in information security governance, risk management, or compliance.
- Strong understanding of information security principles and best practices.
- Experience with relevant frameworks and standards (e.g., ISO 27001, NIST CSF, COBIT).
- Experience with regulatory compliance (e.g., GDPR, HIPAA, PCI DSS).
Technical Skills:
- Knowledge of security technologies and tools.
- Proficiency in risk assessment and management methodologies.
- Understanding of audit and compliance processes.
- Familiarity with data privacy and protection principles.
Soft Skills:
- Excellent communication and interpersonal skills.
- Strong analytical and problem-solving skills.
- Ability to work independently and as part of a team.
- Strong attention to detail and accuracy.
- Excellent organizational and time management skills.
Preferred Qualifications:
- Relevant certifications (e.g., CISSP, CISM, CISA, CRISC).
- Experience in a specific industry sector relevant to the company.
- Experience with security governance software and tools.
- Advanced degree in Information Security or a related field.