Chief Information Security Officer at Greenwich Registrars & Data Solutions

Job objective

• To ensure adequate control exist around the Information Assets of the organisation to give assurance of Confidentiality Integrity and Availability of the information system.

Duties & Responsibilities

• Communicate the information security policy to all relevant personnel and customers where appropriate.
• Coordinating the implementation of approved information security strategies, programs, and initiatives.
• Implement the requirements of the information security policy.
• Perform periodic information security risk assessments and develop risk treatment plans to address all key risks evaluated.
• Ensure that security controls are documented.
• Quantify and monitor the types, volumes, and impacts of security incidents and malfunctions.
• Monitor achievement against targets.
• Establish and maintain a continual improvement action list.
• Report on improvement activities.
• Ensure that procedures are in place to define the recording, prioritization, business impact, classification, updating, escalation, resolution, and formal closure of all security incidents.
• Ensure that all staff involved in incident management shall have access to relevant information such as known errors, problem resolutions, and the incident management helpdesk.
• Arrange and attend service review meetings on a regular basis.
• Actively seek standardization and automation, apply and implement best practices for managing systems controls and deploy innovative technology where possible to enhance and continuously improve the design and operating effectiveness of the controls, documentation, assessment and review procedures.
• Actively engage with external consultants during Enterprise-Wide Vulnerability Assessment and Penetration Testing VAPT and other IT audit engagements.
• Performing risk assessment: Analyzing current risks and identifying potential risks that are affecting the information system of the company.
• Ensure that controls that meet business requirements are embedded at all levels of system development/acquisition life cycle (SDLC)
• Ensure that changes within the organization are controlled to meet the business requirements of the organization
• Ensure segregation of duties in all business systems and IT infrastructure by enforcing maker-checker controls for greater accountability
• Coordinate and collaborate with various departments within the organization to formulate, implement and disseminate company-wide policies and standards ensuring confidentiality, integrity and availability of information assets.
• Compile Database Access control requirements, procedures, and monitoring compliance with them
• Support Internal Auditors, Internal Control and Financial Control Team with their daily review on Accounts/Transactions.
• Create Schedule Jobs for monitoring GRDS’s daily processes using Oracle and ACL.
• Develop Scripts/SQL queries for generating EOD/EOM/EOY reports.
• Application Testing, API Testing (Swagger, Postman, Azure Microservices etc.)
• Daily Application Server checks for unapproved Changes and its potential impact on security, capacity, release management and service continuity plans.
• Ensuring that controls are implemented to mitigate market, credit, operational and other variants of risk that the institution may be exposed to.
• Coordinate with business units to implement controls considered adequate to mitigate risk
• Coordinate with business units in the implementation of Risk and Control Self-Assessment (RCSA) and preparation of a risk register that covers all risks that the institution is exposed to
• Follow up with the business units on outstanding action items regarding controls noted during the RCSA and in the risk register
• Monitor key risk indicators for all business units and prepare quarterly report.
• Establish procedures for timely identification of emerging risks that may affect the business.
• Any other duties as required by the Head, Risk and Internal Control.

Key Skills and Competence

• Degree in Computer Science/Engineering from a reputable University
• 3 years and above of experience in Information Security
• Good understanding of ISO 27001 control requirement and the process for conducting Risk Assessment and identifying treatment options.

Certification

• ISO 27001 Lead Implementer / ISO 27032 – Lead Cyber Security Manager/CISA/CISM