To assist in leading the company’s information risk and security effort by providing specialist, policy-based information risk and security services.
Job Responsibilities
- Formulation, dissemination and maintenance of enterprise-wide information security policies, standards and processes.
- Co-ordinate the planning, design and implementation of a robust information security awareness program. Provide specialist guidance to company employees on general and emerging information risks and security matters.
- Ensure compliance with relevant regulatory standards and IT security best practices such as ISO 27001/2, PCI DSS and EU GDPR.
- Review and maintain the company’s cyber security and aircraft network security programs.
- Establish and maintain a robust cyber security incident response program and processes.
- Conduct information security incident investigations and forensics. Ensure timely reporting and resolution.
- Conduct regular IT security risk assessments of systems and infrastructure. Ensure adequate controls are in place and mitigation actions are implemented.
- Implementation of information security technologies. Ensure optimization and drive utilization of information security tools. Regularly monitor the company’s information security tools and ensure timely reporting of threats, offences, risks and policy violations.
- Proactively monitor security threats and risks. Continuously research and recommend suitable solutions to further secure and safeguard company systems and assets. Share this knowledge with relevant personnel, thereby adding value to the wider organization.
- Provide expert, timely, and relevant advice to management on information risks and security. Ensure the company leadership is informed and knowledgeable about information security-related issues and activities affecting the company.