Responsibilities:
- Identifying and assessing potential security threats to company data and systems and implementing measures to mitigate them.
- Managing and coordinating incident responses to security breaches or threats to contain and recover the service.
- Ensuring the organization complies with relevant laws and regulations standards like ISO 27001, NIST, GDPR, HIPAA.
- Creating and delivering security awareness training programs for employees.
- Develop and enforce security policies, procedures, and training programs.
- Staying up to date on changing trends and technologies related to information security.
- Have technical knowledge on security tools (e.g., SIEM, EDR, firewalls, endpoint protection).
- Lead risk assessments and vulnerability management programs.
- Support internal and external audits with documentation and evidence.
- Provide regular briefings to senior managers on incident status and cybersecurity posture.
Required Skills & Qualifications:
- Bachelor's degree in Computer Science, Information Security, or related field.
- Minimum of 5 years in IT infrastructure security or security operations.
- Strong knowledge of security frameworks and technologies.
- Certifications such as CISSP, CISM, or ISO 27001 Lead Implementer preferred.
- Excellent analytical, communication, and crisis management skills.