IT Executive
Salary undisclosed
Key Responsibilities:

ISMS Management:
- Implement and manage the ISMS to ensure compliance with ISO 27001 or equivalent frameworks.
- Perform risk assessments, vulnerability assessments, and security audits to identify areas of improvement within the ISMS.
- Establish and maintain the organization's security policies, procedures, and controls to protect sensitive information and systems.
- Conduct regular reviews and audits of the ISMS to ensure its effectiveness and compliance with industry standards.

Risk Management and Security Controls:
- Identify potential security risks and vulnerabilities in information systems, and define appropriate security measures to mitigate those risks.
- Implement and maintain appropriate security controls to manage risk in areas like data protection, access management, and incident response.
- Assist in the development and execution of business continuity and disaster recovery plans.

CISO Responsibilities:
- Act as a subject matter expert on information security matters and advise senior management on potential risks, threats, and mitigation strategies.
- Ensure that all information security initiatives are in line with the organization's objectives and legal/regulatory requirements.
- Collaborate with different departments to ensure consistent and effective information security practices across the organisation.

Compliance and Audits:
- Lead internal and external audits related to ISMS and other security standards.
- Ensure that the organization complies with information security laws, regulations, and contractual obligations.
- Prepare and present regular reports on ISMS performance to senior management and stakeholders.

Training and Awareness:
- Develop and deliver training programs on information security policies, procedures, and best practices for employees at all levels.
- Promote a culture of security awareness and ensure that the organization's workforce adheres to security protocols.

Incident Management:
- Coordinate and support incident response efforts, ensuring that security incidents are reported, managed, and mitigated promptly.
- Conduct post-incident reviews and help improve the organization's security posture based on lessons learned.

Documentation and Reporting:
- Maintain accurate records of risk assessments, audits, incident reports, and corrective actions.
- Generate regular reports to senior management about the performance of the ISMS, risks, and compliance efforts.

Qualifications:

Certification & Education:
- Certified Information Security Officer (CISO) or equivalent certifications such as ISO 27001 Lead Implementer, CISSP, CISM.
- Bachelor's degree in Information Security, Information Technology, Cybersecurity, Computer Science, or a related field (or equivalent experience) (added advantage).

Experience:
- Proven experience in implementing and managing an ISMS in a corporate environment.
- Hands-on experience with ISO 27001 or other information security frameworks.
- Experience in risk management, compliance, and security audits.
- Experience in handling information security incidents and applying corrective measures.

Skills:
- Strong understanding of information security governance, risk management, and compliance frameworks.
- Ability to assess and mitigate security risks, and implement robust security measures.
- Excellent communication and interpersonal skills for working with stakeholders at all levels.
- Ability to develop, implement, and maintain security policies, procedures, and awareness programs.

Technical Skills (Added Advantage):
While not mandatory, the following technical skills are considered an added advantage and will help in the execution of daily ISMS-related tasks:

Security Tools and Technologies:
- Familiarity with SIEM (Security Information and Event Management), vulnerability management tools, firewalls, endpoint protection, and encryption technologies.
- Experience with network security protocols such as firewalls, VPNs, IDS/IPS, and other protective measures.

Cloud Security:
- Knowledge of securing cloud environments and platforms (e.g., AWS, Azure, Google Cloud).
- Experience in implementing cloud security measures such as identity management, data encryption, and secure access controls.

Identity and Access Management (IAM):
- Experience with IAM solutions and protocols such as multi-factor authentication (MFA), Single Sign-On (SSO), and role-based access control (RBAC).

Automation and Scripting:
- Experience with automation tools or scripting languages (e.g., Python, PowerShell) to streamline security tasks and improve operational efficiency.

Network and Infrastructure Security:
- In-depth knowledge of network security, secure network design, and infrastructure protection.

Incident Response and Forensics:
- Hands-on experience with incident response tools, forensic analysis, and managing post-incident investigations.

Preferred Qualifications:
- Experience with GDPR, HIPAA, or other privacy and regulatory standards.
- Familiarity with emerging threats such as ransomware, insider threats, and cloud-native security risks.
- Experience in conducting security awareness training or workshops.