Information Security Officer

Ensure compliance with information security policies during mega sports events and non-event periods. Monitor vulnerabilities, implement safeguards, and educate staff for a secure information environment.

• Primary responsible for planning, coordinating and organizing information Security activities
• Enforce and monitor the implementation and compliance with IT Information Security Policy.
• Develop and manage the implementation of Information Security Policies and Procedures.
• Ensure Risk Assessments are conducted on all information systems such as people, process, technology and information processing facilities.
• Ensure implementation of all Information Security controls, as set forth in the Risk Treatment Plan, to ensure adequate security for the respective system.
• Conduct Information Security communications and outreach by leveraging the Information Security Management System (ISMS) committee.
• Establish appropriate measures to assess operational capabilities and determine compliance and effectiveness levels with Information Security Policy.
• Supervise other related assurance functions, as necessary
• Ensure the compliance of Information Security Policies in the organization.
• Develop and ensure implementation of Information Security procedures.
• Develop and ensure implementation of incident handling and reporting.
• Follow-up, escalate and report the resolution of Information Security issues identified during security assessments, penetration tests and audits.
• Develop, implement and maintain Disaster Recovery (DR) procedures and infrastructure in relation to the Business Continuity Plan (BCP)/ IT Service Contingency Plan.
• Conduct and coordinate Information Security awareness and orientation programs
• Responsible for conducting Committee meeting

• Incident Management:
  Establish a formal procedure for internally reporting and tracking security incidents ensure incident response and escalation procedures are followed, and inform all employees, contractors, and third‑party users of their responsibility to report security incidents.
• Incident Handling:
  Participate and/or oversee in the investigation and management of information security events and policy violations and track to conclusion.
• Incident Notification and Reporting:
  Follow policy for the notification and reporting of incidents immediately upon discovery.
• Lessons Learned:
  Develop and document corrective action plans and implement preventive actions to mitigate recurrence.
• Analyze a Security incident to detect an underlying problem that exists or is likely to exist.
• Categorize and prioritize the problem based on the frequency, severity and impact of incident.
• Investigate and diagnose the root cause of the problem.
• Test and apply the temporary workarounds.
• Document the known error record.

• Create a formal process to address risk through the coordination and control of activities regarding each risk.
• Risk Assessment:
  Conduct formal vulnerability assessments of the environment on a regular basis.
• Risk Mitigation:
  Create a formal process to mitigate vulnerabilities.

• Operational Procedures:
  Lead in the development and documentation of operating procedures.
• Protecting Against Malicious Code:
  Activities required for the prevention and detection of malicious code, which could cause a disruption in business.
• Backup Functions:
  Lead activities required for the integrity and availability of information and systems.
• Network Security Management:
  Activities required for the protection of networks and supporting infrastructure.
• Media Handling:
  Activities for the prevention of unauthorized disclosure, modification, removal, or destruction of information.
• Exchange of Information:
  Lead in the development and implementation of a formal information and application exchange with internal and external entities.
• Electronic Messaging:
  Lead in the development of policies and procedures needed to protect electronic messages and systems.
• Electronic Online Services:
  Lead in the development of security measures to ensure the integrity and confidentiality of information systems accessed from outside.
• Monitoring:
  Ensure that operational policies and procedures are being followed.
• Internal Compliance:
  Implement internal procedures to ensure compliance requirements are met, organizational records are protected, and controls are in place.

• 8+ of experience in systems, Network & IT security and 5+ Year of experience in Information Security.

• Bachelor’s Engineering Degree in Computer Science/Electronics & Communication Science.
• Certification in Information Security by an international established, approved consortium like ISACA, ISC2 etc.