Role Description
The IT Security Officer serves as the process and policy owner related to the availability, integrity and confidentiality of customer, business partner, employee and business information/data. A key element of the IT Security Officer’s role is working with executive management to determine acceptable levels of risk for the organization. This position is responsible for establishing and maintaining a corporate-wide information security management program to ensure that information assets are adequately protected.
Key functions
- Security Operations:
- own and drive security education and security awareness programs across the organization
- own, drive and continuously improve security processes, policies and tooling
- real-time analysis and triage of security threats and incidents
- proactively educate and inform executive management of developing security threats
- develop, implement and execute a strategic, comprehensive enterprise information security and IT risk management program
- Application Security:
- introduce application and infrastructure security monitoring processes and tooling
- design and manage and run application and infrastructure security testing (internally and with 3rd parties)
- Security governance:
- make sure that security related initiatives are understood and funded
- lead and drive future company security certification programs
- represent the company security in front of technology partners
- conduct internal technical and organizational audits
- manage and support external audits
- manage, handling and resolve security incident response cases
- degree in business administration or a technology-related field required
- 5+ years of hands-on IT security experience
- experience in risk management, information security and IT security
- knowledge of common information security management frameworks, such as ISO/IEC 27001, and NIST
- knowledge of PCI-DSS requirements for merchants working with BSP supervised financial institutions
- excellent written and verbal communication skills and high level of personal integrity and empathy
- innovative thinking and leadership with an ability to lead and motivate cross-functional, interdisciplinary teams
- experience with contract and vendor negotiations and management including managed services