Ensure that all necessary security policies and procedures are established and maintained in relation to the on-going service operation.
Ensure on-going compliance with standards such as ISO27001 and PCI DSS. Support the maintenance of current accreditations and communicate closely with the necessary governing bodies / accreditors.
Support strategic security planning to achieve business goals by prioritising defence initiatives and co-ordinating the evaluation, deployment, and management of current and future security technologies.
Support development, implementation, maintenance and oversight for enforcement of policies, procedures and associated plans for all system and information security requirements based on industry-standard best practices. Recommend and implement changes in security policies and practices in accordance with changes in legislation, business and contractual terms.
Support the security incident process such that all stakeholders understand and perform their duties when an incident occurs.
Support penetration testing of all systems in order to identify system vulnerabilities and assist with coordination of remediation.
Support the operation and administration of computer security systems and their corresponding or associated software, including firewalls, intrusion detection systems, cryptography systems, and anti-virus software.
Review and recommend improvements for connection security for local area networks, the company Website, intranet and e-mail communications.
Support the design and delivery of security awareness training across all operational units.
Act as company contact and representative for internal and third-party audits and as a subject matter expert for security and risk questions as required.
Ensure all 3rd Party Service Providers comply with security standards in relation to the services they provide and support security audits on suppliers to ensure compliance.
Support efforts of the firm to continually improve while developing efficient processes and services.