The Information Security Expert is responsible for establishing, maintaining, and continuously improving the organization's information security governance, risk management, and compliance frameworks.
The role provides expert-level assurance, advisory, and operational oversight to protect information assets, ensure regulatory compliance, and strengthen cyber resilience in alignment with government cybersecurity regulations and international standards.
Key Responsibilities:
A. Information Security Governance & Strategy
- Develop, implement, and maintain information security policies, standards, procedures, and guidelines.
- Ensure alignment of the information security framework with organizational objectives, government cybersecurity mandates, and industry best practices.
- Contribute to the development and execution of the organization's cybersecurity strategy and roadmap.
B. Risk Management & Compliance
- Lead information security risk assessments, threat modeling, and vulnerability assessments across systems, applications, and infrastructure.
- Identify, assess, and monitor cyber risks and ensure appropriate mitigation measures are implemented.
- Ensure compliance with applicable cybersecurity and data protection regulations, including government information security standards and international frameworks (e.g., ISO/IEC 27001).
C. Security Operations & Incident Management
- Oversee and support security monitoring, incident detection, response, and recovery activities.
- Lead or coordinate investigation of information security incidents and breaches, including root cause analysis and corrective action planning.
- Ensure incident response plans, business continuity, and disaster recovery controls are tested and effective.
D. Assurance, Audits & Assessments
- Plan and conduct information security audits, assessments, and control reviews.
- Coordinate internal and external audits related to cybersecurity, data protection, and IT controls.
- Track and follow up on remediation of audit findings and security gaps.
E. Advisory & Stakeholder Engagement
- Act as a trusted advisor to management and business units on cybersecurity risks, secure system design, and data protection requirements.
- Provide guidance on secure digital transformation initiatives, cloud security, third-party risk, and emerging technologies.
- Conduct security awareness sessions and promote a strong information security culture across the organization.
Qualifications & Experience:
Education
- Bachelor's degree in Information Security, Cybersecurity, Computer Science, Information Technology, or a related field.
- Master's degree is an advantage.
Professional Certifications (Preferred)
- CISSP (Certified Information Systems Security Professional)
- CISM (Certified Information Security Manager)
- CISA, ISO 27001 Lead Implementer / Lead Auditor, or equivalent certifications
Experience
- Minimum 7-9 years of progressive experience in information security, cybersecurity, or IT risk management.
- Experience within government or semi-government entities is highly preferred.
- Proven experience leading security initiatives, risk assessments, and regulatory compliance programs.