Responsible for overseeing information security, cybersecurity and IT risk management programs based on industry-accepted information security and risk management frameworks.
Improve and communicate the maturity levels of information security, state of cybersecurity and IT risk practices across Entrego.
Key Responsibilities and Duties
Ensure standard parameters of systems and network used by Entrego are within best practices.
Coordinate the continuous development, implementation and updating of security and privacy policies, standards, guidelines, baselines, processes, and procedures in compliance with local regulations and standards.
Develop and manage the frameworks, processes, tools, and consultancy necessary for IT to properly manage risk and to make risk-based decisions about IT activities.
Proactively identify and mitigate IT risks, and respond to observations identified by the third-party auditors, while assisting in the development of periodic reports and presenting the level of controls compliance and current IT risk posture.
Assist Entrego with the audits and facilitate management response and remediation efforts.
Ensure overall IT compliance with regulatory requirements through proactive planning and communication, ownership, and relationships.
Identify acceptable levels of residual risk and assist with action plans, policy, and procedural changes for risk mitigation.
Provide strategic recommendations to key IT projects to help improve project results, quality of deliverables, risk optimization, security processes, and compliance with regulations.
Facilitate information security management education and training including user awareness programs.
Requirements
Bachelor's degree in Computer Science or Information Management
Experience in risk, compliance, and information security policy
Knowledge of laws and regulations including but not limited to RA10173 or the Data Privacy Act of 2012
Experience with development of cybersecurity educational and awareness programs
Excellent organizational and communication skills (both oral and written)
Knowledge of information security processes and controls including risk and control frameworks.
NIST Frameworks
ITIL v4 best practices
IT security and control best practices
Skills and Certifications that are good to have but not required:
Certification in information security
Advanced knowledge of the OSI framework