Responsibilities:
• Security Program Development and Management:
Develop and oversee the organization's information security program, including policies, procedures, and technical standards.
Conduct regular risk assessments and vulnerability assessments, ensuring that identified risks are effectively managed and mitigated.
Continuously evaluate the effectiveness of security controls and adjust strategies as needed.
• Security Operations and Incident Response:
Develop and maintain incident response procedures and playbooks.
Oversee security monitoring, threat detection, and remediation activities.
• Risk and Compliance Management:
Ensure compliance with relevant security standards and regulations (e.g., ISO 27001, GDPR, HIPAA, PCI-DSS).
Conduct regular audits to assess compliance and identify potential risks.
Collaborate with internal and external auditors, regulatory bodies, and clients as needed.
• Strategic Planning and Stakeholder Collaboration:
Work closely with IT and business teams to align security initiatives with business goals.
Present security metrics, reports, and program updates to senior management and stakeholders.
Identify emerging security threats and evaluate new security technologies to improve the organization’s defenses.
• Security Architecture and Tools Management:
Oversee the design, implementation, and maintenance of security architecture and tools, including firewalls, IDS/IPS, SIEM, DLP, and endpoint protection solutions.
Evaluate, recommend, and manage vendor relationships for security tools and services.