Information Security Officer

Company: TSA Group


Details of the offer

TSA is an Australian-owned business specializing in helping companies acquire, retain and grow their consumer customer bases. We represent some of the country's largest brands, across eight call centres in Australia and internationally.
We're a purpose driven business and our mission is clear. We endeavor to create experiences that people love, by revolutionizing the way they connect and communicate with brands.
What should you expect from this role?
• Competitive Salary Package
• Onsite Work Set Up
• Monday to Friday shift (9AM - 6PM)
• 2 Full time Roles Available
Job Description
The Information Security Officer will plan, implement, upgrade, and monitor security protocols for the protection of TSA's computer networks and information.
The Information Security Officer will foster collaboration between IT and business units, ensuring compliance in Technology programs and projects, and working closely with Internal and External Audit teams throughout the process. They will also manage the process of gathering, analysing, and assessing information security and privacy threats while maintaining and monitoring evolving security best practices.
The Information Security Officer will be responsible for overseeing information security, cybersecurity and IT risk management programs based on industry-accepted information security and risk management frameworks. This individual will be an integral part of the Information Technology organisation, reporting directly to the VP of Engineering to help improve and communicate the maturity levels of information security, state of cybersecurity and IT risk practices across TSA.
Responsibilities
• Manage organisation-wide information security governance processes, chair the Information Security Advisory Committee and lead Information Security Liaisons in the establishment of an information security program and project priorities.
• Work with TSA leadership to oversee the formation and operations of a company-wide information security organisation that is organised toward a common goal in information security.
• Plan information security processes to establish an inclusive and comprehensive information security program for the entire organisation in support of business operations and technology.
• Support and manage IT security controls, collaborate on the Risk Control Matrix and all compliance-related activities to ensure they are well established, documented, and followed.
• Ensure implementation and maintenance of TSA's ISO27001 ISMS accreditation.
• Plan and establish an organisation-wide Information Security Management System (ISMS) in accordance with the ISO/IEC 27001 standard and other relevant security standards.
• Develop and implement plans to safeguard digital data from accidental or unauthorised modification, destruction, or disclosure; adhere to emergency data processing needs.
• Develop and implement effective and reasonable policies and practices to secure protected and sensitive data and ensure information security and compliance with relevant legislation and legal interpretation.
• Lead efforts to internally assess, evaluate and make recommendations to management regarding the adequacy of the security controls for TSA's information and technology systems.
• Assist in the maintenance and preparation of clear, detailed and accurate compliance documentation, including process narratives, flow charts, control descriptions, risk control matrices, test programs, test results, and management responses and remediation.
• Be responsive to questions and assistance requests from control owners and business owners.
• Drive consensus on measurable gains in IT compliance and information security practice maturity and measure progress towards them.
• Work with internal teams and outside consultants as appropriate on required security assessments and audits.
• Manage internal and external auditor requirements and compliance adherence.
• Interface closely with cross-functional teams including IT Operations, IT Engineering, Business Operation, Finance, and Internal/External Audit.
• Coordinate and track all information technology and security related audits including scope of audits, business units involved, timelines, auditing agencies and outcomes.
• Work with auditors as appropriate to keep audit focus in scope, maintain excellent relationships with audit entities and provide a consistent perspective that continually puts the organisation in its best light.
• Provide guidance, evaluation and advocacy on audit responses.
• Lead walk throughs between process owners and audit teams.
• Keep abreast of security incidents and act as primary control point during significant information security incidents.
• Convene a Security Incident Response Team (SIRT) as needed, or requested, in addressing and investigating security incidents that arise.
• Convene Ad Hoc Security Committee as appropriate and provide leadership for breach response and notification actions for the organisation.
• Develop, implement and administer technical security standards, as well as a suite of security services and tools to address and mitigate security risk.
• Provide leadership, direction and guidance in assessing and evaluating information security risks and monitor compliance with security standards and appropriate policies.
• Examine impacts of new technologies on the organisation's overall information security.
• Establish processes to review implementation of new technologies to ensure security compliance.
• Perform risk assessments, audits, and tests to ensure proper functioning of data processing activities and security measures.
• Collaborate with IT control owners to ensure timely completion of period controls and compliance.
• Work directly with the business units to facilitate risk assessment and risk management processes.
• Assist in annual planning and maintenance of risk control matrix for relevant IT systems and controls.
• Partner with business stakeholders across the company to raise awareness of risk management concerns.
• Review and help refine controls and compliance and identify opportunities to ensure proactive management and mitigation of risks.
• Collaborate with teams to ensure new software programs meet compliance requirements before they are made operational.
• Support and manage detailed testing of controls to ensure risks are appropriately identified, associated audit procedures are applied and related controls are designed and operating to mitigate the identified risks.
• Assist Governance, Risk and Compliance teams in documenting and reporting control deficiencies upon discussion with business owners and Internal Auditors, and collaborate with business owners regarding recommendations to address the root cause of issues and to report and support implementation of management remedial actions.
• Partner with internal and external advisors regarding ISO certification.
• Perform Business and Privacy Impact Assessments.
• Work closely with IT leaders, technical experts and business leaders across the organisation on a wide variety of security issues that require an in-depth understanding of the IT environment in their business units.
• Create education and awareness programs and advise operating business units at all levels on security issues, best practices, and vulnerabilities.
• Work with various technical business groups such as technical leaders, network and systems engineers, to build awareness and a sense of common purpose around security.
• Drive employee security awareness program along with HR.
• Pursue staff security initiatives to address unique needs in protecting against identity theft, mobile social media security and online reputation program.
• Be aware of tasks assigned, fortnightly in advance, and delivery dates of the approved Project Plan.
• Escalate issues which impact the end date of the assigned tasks as soon as practicable to the Team Lead or Project Manager.
• Ensure quality of the deliverables by way of testing or peer reviews and obtain sign off from the appropriate stakeholder.
• Ensure tasks assigned are completed within the agreed scope, budget and timeframe.
• Assist team members with tasks as required and outlined in the Project Scope.
• Complete assigned tasks in accordance with the approved Project Plan.
• Ensure that systems and solutions implemented to production meet the Zero Business Impact Principle.
• Ensure that IT solution outcomes are robust and meet production standards.
• Ensure that IT Operational Services meet the agreed Service Levels and Standards.
• Deliver high value customer services.
• Systems and infrastructure meet business needs and service levels.
• Service level reporting achieving 99.90%.
• Zero business impact of change management.
• Ensure the IT Budget spend is effective and within the agreed organisational approvals.
• Customer satisfaction is rated highly and recognised by our colleagues.
• Perform special projects and other duties as assigned.
Qualifications
• Minimum 3 years' experience in Information Security with a good understanding of security operations.
• Significant knowledge of Risk Management Frameworks and Vulnerability Management.
• Proven experience implementing and managing a Governance, Risk and Compliance program.
• Extensive knowledge of ISO 27001 standard and requirements.
• Proven experience in developing Information Security strategies.
• Proven experience and strong understanding of SIEM (Security Information and Event Management).
• Proficient, or able to gain proficiency with, a broad array of security software applications and tools.
• Thorough understanding of computer-related security systems including firewalls, encryption, and password protection and authentication.
• Experience running cyber-security exercises.
• Demonstrated ability to work on security projects.
• Proven ability to communicate technical issues with non-technical and non-security focused people.
• Ability to perform analysis of security risks and develop mitigation strategies.
• Strong organisational skills allied to good time management and high attention
• Ability to manage and motivate self, work with minimal direction and to exercise initiative and discretionary judgement.
• Self-starter and able to operate autonomously, but also able to be a successful team player.
• Good communicator and able to articulate requirements and expectations.
• Collaborative in nature.
• Excellent oral and written communication skills.
• Demonstrated problem-solving and analytical skills.
• Proficient in Microsoft Office Suite or related software.
• Organised with attention to detail.
• Performs related duties as assigned or requested.
• Ability to foster working relationships with the IT team, Management and Clients.
Technical awareness:
• Familiarity with the ISO27000 family of certifications
• Knowledge of Australian privacy principles
• PCI DSS requirements and systems
Qualifications:
• Bachelor's degree – Engineering, Information Technology, or equivalent industry experience
• Industry security certifications
• 3 years of experience in managing and working with Internal Auditors, External Auditors and with IT Security teams.
• Demonstrated experience in implementing, maintaining and improving information security risk management systems in alignment with ISO 27001/27002.
Additional Information
At TSA, the health, safety and well-being of our team is our number one priority!
In response to the COVID-19 pandemic we have introduced a number of robust practices to keep our team safe, such as physical distancing measures, control measures for our visitors, temperature testing, isolation requirements where applicable and so much more.
We take our responsibility to protect the health and well-being of our team and our community very seriously.
IMPORTANT: The Inter-Agency Task Force for the Management of Emerging Infectious Diseases (IATF) issued Resolution No. 148-B which states that, effective December 1, 2021, all employees reporting on-site must be vaccinated against COVID-19. If you have questions regarding this guideline, please make sure to discuss this with our Recruitment Team during job offer.
Like & Share the TSA FB Page and be up to date with TSA News!
14F Five E-com Center, Harbor Drive, Mall of Asia Business Complex, Pasay City, Metro Manila, Philippines 1300


Source: Grabsjobs_Co
