Website Rogers Capital Ltd
The Information Security Officer is responsible for safeguarding the organisation’s information assets, systems, and infrastructure.
The role focuses on implementing and maintaining robust cybersecurity controls, ensuring compliance with regulatory requirements, and supporting the organisation’s risk management framework across all business units.
If you are agile and have a pioneering mind-set, join a winning team so that we can evolve together.
Qualifications & Experience
Education
- Bachelor’s degree in Information Security, IT, Computer Science or related field
Experience
- Minimum 3–5 years of experience in information security, IT risk or information security
- Hands-on experience with security tools and frameworks
Certifications (Preferred)
- CISSP, CISM or CISA
- ISO 27001 Lead Implementer / Lead Auditor
- CEH would be an advantage
Technical Skills
Strong knowledge of:
- Network and infrastructure security
- Cloud security (Azure/AWS)
- SIEM and monitoring tools
- Endpoint and email security solutions
Familiarity with:
- ISO 27001, NIST or CIS frameworks
- Vulnerability management tools
- Encryption and data protection mechanisms
Soft Skills
- Strong analytical and risk assessment capabilities
- Excellent communication and stakeholder engagement skills
- Ability to translate technical risks into business impact
- High integrity and attention to detail
- Ability to maintain confidentiality
Key Competencies
- Risk-based thinking
- Proactive problem-solving
- Accountability and ownership
- Ability to work in a fast-paced regulated environment
Key Responsibilities
- Information Security Governance
  - Develop, implement and maintain the organization’s Information Security Management System (ISMS) aligned with ISO 27001
  - Define and enforce security policies, standards and procedures across the company
  - Support the alignment of IT security with business objectives and risk appetite
- Risk Management & Compliance
  - Conduct regular IT and information security risk assessments
  - Maintain and update the risk register, ensuring timely mitigation of identified risks
  - Ensure compliance with the applicable regulatory frameworks
  - Support internal and external audits, including ISO certification processes
- Security Operations & Incident Management
  - Audit security tools (SIEM, firewalls, endpoint protection, email security, etc.)
  - Lead incident detection, response and investigation
  - Develop and test incident response plans, business continuity (BCP) and disaster recovery (DR) procedures
  - Oversee vulnerability management and coordinate penetration testing activities
  - Work closely with infrastructure and application teams to embed security-by-design principles
- Third-Party & Vendor Risk Management
  - Assess cybersecurity risks related to vendors and third-party service providers
  - Conduct security due diligence and reviews
  - Ensure contractual security requirements are defined and enforced
- Security Awareness & Culture
  - Design and deliver security awareness and training programs
  - Promote cybersecurity best practices across all staff levels
  - Act as a point of contact for security-related queries and guidance
- Reporting & Continuous Improvement
  - Prepare security dashboards and reports for senior management and governance committees
  - Track KPIs/KRIs related to cybersecurity posture
  - Stay updated on emerging threats and recommend improvements
To apply for this job email your details to Prachi.badjate@rogerscapital.mu