The Information Security Officer will plan, implement, upgrade, and monitor security protocols for the protection of the TSA’s computer networks and information.
The Information Security Officer will foster collaboration between IT and business units, ensuring compliance in Technology programs and projects, and working closely with Internal and External Audit teams throughout the process. They will also manage the process of gathering, analysing, and assessing information security and privacy threats while maintaining and monitoring evolving security best practices.
Information Security Officer will be responsible for overseeing information security, cybersecurity and IT risk management programs based on industry-accepted information security and risk management frameworks. This individual will be an integral part of the Information Technology organisation reporting directly to the VP of Engineering to help improve and communicate the maturity levels of information security, state of cybersecurity and IT risk practices across TSA.
Responsibilities
- Document controller
- Collate and organise documents related to compliance against international standards and regulatory requirements
- Engage with ISMS stakeholders and other business unit heads and representatives in collecting pertinent documents
- Manage documents and track versions, changes, and revisions according to emerging trends, regulatory and industry standard requirements - Compliance management
- Work with the information security team in performing gap analysis, policy and procedure development
- Review and assess compliance of initiatives against adopted standards of the organisation (ISO 27001:2022, PCI DSS, etc.)
- Review and assess compliance requirements against regulations of Office of the Australian Information Commissioner (OAIC), National Privacy Commission (NPC) for the Philippines, and Office of the Privacy Commissioner (OPC) for New Zealand.
- Review and assess compliance requirements against other pertinent regulations such as GDPR and other similar privacy and security regulations, and international standards such as CIS Controls, NIST CSF 2.0, NIST RMF, and other similar standards. - Governance and risk management
- Assist the information security team in engaging with ISMS stakeholders of the TSA security governance program initiatives and requirements.
- Assist the information security team in third-party risk management and other pertinent process and procedures related to managing security risks over vendors and third-party service providers.
- Perform risk assessments and risk reviews pertinent to the ISMS according to ISO 27001, PCI DSS and other relevant security and privacy standards.
- Provide security awareness to all employees by means of presentations, communications and other methodologies adopted by TSA and provide recommendations for strengthening and ensuring delivery of the security awareness campaign. - Security Incident management
- Work with the information security team in reviewing, revising, and developing incident response plan and playbook
- Regularly perform preparations and capability assessments and testing of incident response of TSA
- Collaborate with information security team and IT specialists and engineers in determining areas for improvement with regards to incident response handling - Cyber threat intelligence and vulnerability management
- Perform threat intelligence through OSINT and other open-source methodologies
- Assist the information security team in preparation and planning VAPT and red teaming activities
- Develop, collate, and manage related documents in threat and vulnerability management.
