Information Security (GRC & Audit Management)

Position Overview:

The ISMS Governance and Audit Resource will play a key role in the implementation and maintenance of our Information Security Management System (ISMS) in accordance with ISO 27001 standards. This individual will be responsible for overseeing the governance of our ISMS framework, conducting regular audits to ensure compliance, and driving continuous improvement initiatives to enhance our information security posture.

Role & responsibilities:

1. ISMS Implementation: Lead the implementation of the ISMS framework based on ISO 27001 standards, including the development of policies, procedures, and controls to mitigate information security risks.

2. Governance Oversight: Establish and maintain governance processes to ensure the effective management of the ISMS, including regular review and update of policies and procedures, risk assessments, and compliance monitoring.

3. Audit Management: Plan and conduct internal audits of the ISMS to assess compliance with ISO 27001 requirements, identify areas for improvement, and track corrective actions to closure.

4. External Audit Support: Coordinate external audits conducted by certification bodies or regulatory authorities, including preparation of documentation, participation in audit interviews, and addressing audit findings.

5. Risk Management: Collaborate with cross-functional teams to identify, assess, and prioritize information security risks, and develop risk treatment plans to mitigate identified risks.

6. Training and Awareness: Develop and deliver training programs to raise awareness of information security best practices among employees, contractors, and other stakeholders.

7. Continuous Improvement: Drive continuous improvement initiatives to enhance the effectiveness and efficiency of the ISMS, leveraging industry best practices and lessons learned from audits and incidents.

8. Documentation Management: Maintain accurate and up-to-date documentation of the ISMS, including policies, procedures, risk assessments, audit reports, and other relevant records.

9. Other coordination efforts: Involves coordination with Bank team from perspective of IS governance, risk management and implementation of controls.

Education and Certifications:

• Bachelors degree in Computer Science, Information Security, or a related field; Masters degree preferred.
• At least [4] years of experience in information security roles.
• Knowledge of relevant security frameworks and standards, such as OWASP, NIST SP 800-115, and PCI DSS.
• Relevant certifications such as ISO27001 LA/LI, CISA, or equivalent, are highly desirable.
• Strong leadership and interpersonal skills, with the ability to effectively communicate and collaborate with technical and non-technical stakeholders.
• Excellent analytical and problem-solving skills, with a keen attention to detail.
• Good knowledge of MS office especially document writing and Microsoft excel.