Reporting to the ICT Manager, the Information Security Officer must be a self-driven person who will be responsible for establishing and maintaining a corporate wide information security management program to ensure that information assets are adequately protected.
The ISO should be able to translate the IT-risk requirements and constraints of the business into technical control requirements and specifications, as well as report on ongoing performance.

Duties and Responsibilities

• Develop, implement and monitor a strategic, comprehensive enterprise information security and IT risk management program to ensure that the integrity, confidentiality and availability of information is owned, controlled or processed by the organization.
• Develop, maintain and publish up-to-date information security policies, standards and guidelines.
• Conduct risk assessments and recommend mitigating controls.
• Identify and evaluate security risks, proposing strategies to mitigate vulnerabilities.
• Develop incident response and disaster recovery plans, ensuring timely response to security breaches. Lead investigations of security incidents and data breaches.
• Ensure compliance with industry standards (e.g., Data Protection Act, GDPR, PCI-DSS) and regulatory requirements.
• Conduct regular audits and risk assessments to identify areas for improvement
• Promote a security-conscious culture within the organization.
• Oversee user access rights to ensure appropriate levels of access are granted based on roles.
• Implement and manage identity and access management solutions.
• Design secure network architectures, enforcing firewalls, VPNs, intrusion detection, and prevention systems.
• Ensure secure configurations of hardware and software Evaluate and manage third-party vendors to ensure they adhere to security policies.
• Conduct security assessments on new vendors or partners. Conduct regular audits and assessments to ensure compliance with security policies and procedures.
• Prepare and present security reports to management, highlighting risks, incidents, and recommendations for improvement
• Undertake any other tasks as assigned.

Key Competencies Required

• Highly analytical problem solving with the ability to apply original and innovative thinking.
• A high level of oral and communication skills in order to communicate effectively with Executives, Senior Managers, Colleagues and other Stakeholders
• Team player with excellent interpersonal skills

Requisite Qualifications

• Bachelor’s degree in Information Technology, Computer Science, Cybersecurity, or a related field.
• Minimum of 5 years of experience in IT security, including security policy development, risk management, and incident response.
• Relevant certifications (e.g., Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), CISA, CISM, ISO 27001 Certified are highly desirable
• Experience with security technologies and tools such as NAC, Firewalls, WAAP, IDS/IPS, antivirus software, and encryption tools.
• Good understanding of the BFSI industry (Banking, Financial Services and Insurance) and knowledge of how Information Technology contributes to success of Financial Institutions.
• Familiarity with security frameworks and standards (e.g., ISO/IEC 27001, NIST).
• Experience in the BFSI (Banking, Financial Services and Insurance) sector will be an added advantage.