Responsible for continuously reviewing evolving and emerging compliance requirements and incorporating them into the division's compliance program.
Responsible for assisting the section and department managers in establishing a compliance program that ensures compliance with the regulatory requirements affecting cyber security across the organization.
Responsible for working with and involving representatives from key areas in the successful implementation of the information security compliance program.
Responsible for conducting gap assessments to identify compliance gaps, proposing remediation plans, working with owners to ensure the gaps are addressed in a timely manner, and ensuring that gap assessment results drive updates to cyber security policies, standards and procedures as needed.
Responsible for ensuring compliance with all critical information security compliance programs, including PCI DSS, ISO 27001, CA-CIB and other mandatory national and international industry standards.
Assists the department manager in establishing a vulnerability and patch management program and coordinates the required security scan activities with the SOC team.
The Information Security Officer shall assist the department head in coordinating activities with internal and external auditors, including the PCI QSA, the ISO 27001 external auditor and the internal BSF audit division, and with all B/Ls and support divisions.
Responsible for conducting periodic information security risk assessments of major applications, critical business processes, and major IT infrastructure and services, following the guidelines of the section and department heads.
Develops and updates the threats and vulnerabilities databases and the controls database.
Performs detailed threat and vulnerability impact assessments, assigns impact ratings and adjusts the overall risk ratings for the IT infrastructure being assessed.
Identifies the impact of new threats and vulnerabilities on the various assets.
Responsible for coordinating and performing periodic internal and external penetration testing of major services.
Conducts physical security reviews and assessments of major IT infrastructure, i.e. the Data Center and DRC.