Information Security Officer

Job Summary :We are seeking a highly motivated and experienced Information Security Compliance Officer to join our team. The ideal candidate will be responsible for ensuring the organization's adherence to relevant information security standards, regulations, and policies. This role requires a strong understanding of security frameworks, risk management principles, and the ability to translate compliance requirements into actionable strategies. Key Responsibilities :Compliance Management :

• Develop, implement, and maintain information security compliance programs aligned with industry standards and regulations (e., ISO 27001, NIST, GDPR, HIPAA, PCI DSS).
• Conduct regular compliance assessments and audits to identify gaps and ensure adherence to requirements.
• Monitor changes in regulatory requirements and update compliance programs accordingly.
• Prepare and submit compliance reports to regulatory bodies and internal stakeholders.

Policy and Procedure Development :

• Develop and maintain information security policies, standards, and procedures.
• Ensure policies are communicated and understood throughout the organization.
• Review and update policies to reflect changes in technology and regulatory requirements.

Risk Management :

• Conduct risk assessments and identify potential security vulnerabilities.
• Develop and implement risk mitigation strategies.
• Monitor and report on security risks and compliance status.

Security Awareness Training :

• Develop and deliver security awareness training programs for employees.
• Promote a culture of security awareness and compliance throughout the organization.
• Educate employees on security best practices and compliance requirements.

Incident Response :

• Participate in incident response activities and investigations.
• Ensure compliance with incident reporting and notification requirements.
• Develop and maintain incident response plans and procedures.

Audit and Assessment Support :

• Support internal and external audits and assessments.
• Provide documentation and evidence to demonstrate compliance.
• Implement corrective actions to address audit findings.

Vendor Management :

• Assess the security and compliance of third-party vendors and service providers.
• Ensure vendor compliance with security policies and standards.
• Conduct vendor security audits and assessments.

Stakeholder Communication :

• Communicate effectively with internal and external stakeholders on security and compliance matters.
• Provide guidance and support to business units on compliance requirements.
• Prepare and present reports on compliance status and security risks.

Qualifications :

• Experience:5 of experience in information security compliance or related roles.
• Education: Bachelor's degree in Information Security, Computer Science, or a related field.
• Compliance Knowledge: Strong understanding of information security standards and regulations (ISO 27001, NIST, GDPR, HIPAA, PCI DSS).
• Risk Management: Knowledge of risk assessment and management methodologies.
• Policy Development: Experience in developing and implementing security policies and procedures.

Technical Skills :

• Familiarity with security technologies and tools.
• Knowledge of network and system security principles.
• Understanding of data privacy and protection concepts.

Soft Skills :

• Excellent analytical and problem-solving skills.
• Strong communication and interpersonal skills.
• Ability to work independently and as part of a team.
• Strong attention to detail and accuracy.
• Ability to manage multiple projects and priorities.

Preferred Qualifications :

• Professional certifications (e., CISSP, CISA, CISM, ISO 27001 Lead Auditor).
• Experience with specific industry regulations and standards relevant to the company's business.
• Experience with security information and event management (SIEM) systems.
• Experience with vulnerability management and penetration testing.
• Experience with cloud security )