Awareness and Training: Develop and implement security awareness and training programs to educate employees on security best practices and policies.
Security Compliance Accreditations: Manage and maintain compliance with security standards such as ISO 27001/17/18, SOC 2, PCI DSS, and other relevant frameworks.
Supply Chain Security: Oversee the security assessment and management of third-party vendors and suppliers to ensure they meet security requirements.
Product Security Compliance: Ensure that products comply with security requirements and standards throughout their lifecycle.
Information Security Risk Management: Identify, assess, and manage information security risks across the organization, including risk mitigation strategies.
Policies and Procedures Development and Governance: Develop, update, and enforce information security policies, procedures, and standards to align with best practices and regulatory requirements.
Privacy Representation: Act as the privacy champion for the IT department, representing the organization on privacy matters and ensuring compliance with privacy regulations.
Security Assessments and RFP Support: Support the security assessment process and provide expertise during the RFP process from the security department side.
Qualifications
Education: Bachelor’s degree in Information Security, Computer Science, or a related field. Advanced degrees and relevant certifications (CISSP, CISM, CISA, etc.) are highly desirable.
Experience: Minimum of 5 years of experience in information security, risk management, or compliance roles, with at least 2 years in a leadership or team management position.
Technical Skills: Strong understanding of information security principles, frameworks, and standards (e.g., ISO 27001, SOC 2, PCI DSS). Experience with security risk assessments, compliance audits, and security policy development.
Leadership Skills: Proven ability to lead and develop a team, with strong project management and organizational skills.
Communication Skills: Excellent written and verbal communication skills, with the ability to articulate complex security concepts to diverse audiences.
Problem-Solving Skills: Strong analytical and problem-solving skills, with the ability to think strategically and implement effective solutions.
Interpersonal Skills: Ability to collaborate effectively with cross-functional teams and build strong relationships with stakeholders.
Privacy Knowledge: Familiarity with privacy regulations (e.g., GDPR, CCPA) and experience in privacy compliance is a plus.
Excellent written English skills.
Hybrid work arrangement (2 days remote, 3 days in the office).