Job Description

Responsible for developing, implementing, and maintaining information security programs and practices to protect the organization's sensitive data, systems, and infrastructure. This role involves assessing security risks, developing security policies and procedures, conducting security audits and assessments, and implementing security controls to safeguard against cyber threats and data breaches. The Information Security Specialist collaborates with IT teams, business units, and stakeholders to promote a culture of security awareness and compliance with security standards and regulations. 
 

Responsibilities

Key Responsibilities:

Information Security Governance:

• Develop, implement, and maintain information security policies, standards, and procedures based on industry best practices and regulatory requirements.
• Establish information security governance frameworks, risk management processes, and compliance programs to ensure the confidentiality, integrity, and availability of organizational assets.

Security Risk Management:

• Identify, assess, and prioritize security risks and vulnerabilities across the organization's systems, applications, and networks using risk assessment methodologies.
• Develop risk mitigation strategies, security controls, and action plans to address identified risks and vulnerabilities and reduce the organization's exposure to cyber threats.

Security Awareness and Training:

• Develop and deliver information security awareness training and education programs for employees, contractors, and third-party vendors to promote security awareness and compliance with security policies.
• Conduct phishing simulations, security awareness campaigns, and employee training sessions to increase awareness of security threats and best practices for safeguarding sensitive information.

Security Incident Response:

• Establish incident response procedures, playbooks, and escalation protocols to effectively respond to security incidents, data breaches, and cyber-attacks.
• Lead incident response activities, including incident detection, analysis, containment, eradication, and recovery, and coordinate with internal teams and external stakeholders to mitigate security risks and minimize impact.

Security Compliance and Auditing:

• Ensure compliance with relevant information security standards, regulations, and industry frameworks, such as ISO 27001, NIST, GDPR, HIPAA, and PCI DSS.
• Conduct security audits, assessments, and compliance reviews to evaluate adherence to security policies, assess security controls effectiveness, and identify areas for improvement.

Security Architecture and Design:

• Provide security guidance and recommendations to IT teams and system architects during the design, development, and implementation of new systems, applications, and infrastructure.
• Review system architecture designs, technical specifications, and security controls to ensure alignment with security requirements and principles.

Security Monitoring and Incident Detection:

• Deploy and maintain security monitoring tools, intrusion detection systems (IDS), and security information and event management (SIEM) solutions to detect and respond to security threats in real-time.
• Monitor security logs, alerts, and events, investigate security incidents, and conduct forensic analysis to identify root causes and security weaknesses.

Security Technology Evaluation and Implementation:

• Evaluate emerging security technologies, products, and solutions to assess their suitability and effectiveness in addressing security risks and enhancing the organization's security posture.
• Lead security technology implementation projects, including solution design, configuration, testing, and deployment, in collaboration with IT teams and vendors.

Requirements

Required Qualifications:

Education and Experience:

• A Master’s degree in computer science, information security, cybersecurity, Telecommunications, Information Systems Management, Electronics and Communication Engineering. 

Or

• Minimum of a Bachelor's degree in computer science, information security, cybersecurity, Telecommunications, Information Systems Management, Electronics and Communication Engineering with at least 3 years of relevant experience.  

Skills and competencies

• In-depth knowledge of information security standards, frameworks, and regulations, including ISO 27001, NIST Cybersecurity Framework, GDPR, HIPAA, and PCI DSS.
• Experience with security risk management, security assessment methodologies, and security controls implementation in complex IT environments.
• Proficiency in security tools and technologies, including firewalls, intrusion detection/prevention systems (IDS/IPS), SIEM solutions, endpoint protection, and encryption technologies.
• Strong analytical skills, problem-solving abilities, and attention to detail in assessing security risks, analyzing security incidents, and developing risk mitigation strategies.
• Excellent communication and interpersonal skills, with the ability to communicate complex security concepts to technical and non-technical audiences and collaborate effectively with cross-functional teams.
• Ability to work independently, manage multiple projects and priorities, and adapt to changing security threats and business requirements in a dynamic environment.