Establishing standards and processes for the management of information security in compliance with applicable legislation and standards; building a culture of effective information security; updating the information security strategy; and taking responsibility for assessing and managing information security risk, particularly IT security risk.
- Effectively investigate the cause of information security incidents; recommend, design and lead projects for remediation and prevention of recurrence.
- Respond to information security incidents in a timely manner, and ensure that proper controls are met by the systems.
- Maintain and manage the IT security risk register and arrange IT security risk meetings.
- Provide leadership in designing and costing solutions to security concerns, gain agreement from stakeholders (such as IT and staff) and drive the resulting projects.
- Plan and perform security risk assessments of information systems and data flows, document findings, and manage and drive remediation plans in line with organisational risk appetite and best practice.
- Conduct vulnerability and risk assessments of IT components, produce plans for improvement and communicate these to the business owners in line with best practice, and be responsible for ensuring that pen testing is undertaken on applications and infrastructure.
- Gain the confidence and respect of business owners in relation to information security risk for new systems, applications and changes to systems by having a stakeholder engagement plan.
- Embed information security as part of the procurement process, working in line with the Procurement Manager, who will be responsible for ensuring Data Protection.
- Manage engagement with external suppliers of information security services, such as the IT Managed Services Provider, software vendors, penetration testers and auditors, and ensure audit of these suppliers; also ensure due diligence questionnaires and risk assessments are made an integral part of procurement processes.
- Ensure IT vendor management is an ongoing process.
- Advise on the security aspects of procurement contracts, including access controls.
- Work with the Learning Team to develop an engaging and accessible learning programme to build an effective information security culture for staff and volunteers.
- Plan the resources and expenditure needs in order to carry out information security activities to best practice.
- Ensure all volunteers and employees are clear about their responsibilities in relation to information security and the protection of assets by clarifying procedures and instilling good practice.
Desired Candidate Profile
UG: B.Tech/B.E. - Computers
PG: MCA - Computers
Narayana Hrudayalaya Ltd
Contact Company: Narayana Hrudayalaya Ltd