Manager – Technology Risk Management – Information Security
Education: Minimum: Graduate with CISSP, CISM, ISO 27001 L.A/Implementer, PMP, ITIL, CEH
Additional: Post graduate or global equivalent
Experience: 4 – 6 years of relevant work experience
Implement and Manage Technology Risk Management Activities
Create and ensure delivery of a comprehensive risk management framework, including Information Security Risk Assessments (ISRA), maintaining a risk registry, risk ranking information systems and applications, implementing a risk acceptance process, and creating annual risk assessment plans
Ensure development & implementation of policies/procedures to protect the end point and central IT systems used in processing of client data
Ensure compliance with ISO 27001 standards
Conduct periodic VA/PT/configuration audits and security tests of all IT Infrastructure components
Conduct Ethical Hacking of all internet facing applications
Conduct security code reviews
Safeguard information system assets by identifying and solving potential and actual security problems. Implement technical solutions for improving the Information Security posture
Interact with other teams to understand business requirements and propose solutions to mitigate the risks to an acceptable level.
Ensure immediate and accurate reporting of any IT Security related incident (intrusion, virus, etc.).
IT - Hardware, IT - Software