IT Security Officer

Date: April 25, 2024

Location: Shanghai, Shanghai, CN

Company: Bureau Veritas

Job Purpose

The objectives of this position are to:

  • Drive the implementation of Group IT Governance and Cyber Security Strategy across the region by assisting the OG CISO.
  • Achieve and maintain IT compliance across the region as per group policies and IT standards and regulations.
  • Minimize the cyber security threats and related risks across the region by taking proactive measures.
  • Support the region to achieve security standards like the NIST Framework and 27001 as per group guidelines.
  • Properly maintain inventory of IT assets, applications, domains, and certificates and their validity with the help of the local IT team.
  • Work closely with application owners for secure development and hosting of applications by following the Security by Design process.
  • Closely work with HR, Legal, Local IT, and the Management Team of the Region to achieve the required result and enhance cybersecurity.
  • Brief the IT executive team on issues, risks, and status.
  • Support local, HO, and external audits.
  • Create a cyber security budget if your region requires one.
  • Ensure that disaster recovery and business continuity plans are in place and tested.
  • Participate actively in crisis management activities and exercises with the OG team.

 

Roles & Responsibilities for HSE

  • In all situations, the BV Cardinal Safety Rules must be followed.
  • Comply with company HSE requirements (e.g., policies, procedures, guidelines, etc.) and local legal requirements on HSE as applicable.
  • Take care of own health and safety as well as that of colleagues and others.
  • Immediately report any shortcomings on HSE, i.e. any incident or unsafe work practices/conditions, to his/her immediate line managers.
  • Sharing opportunities for improvement on HSE aspects.

Criteria for Performance Evaluation

  • Use of group-level or new tools and utilities to record, track, and measure cyber threats and incidents.
  • Achievement of targets for major control implementation in standards like NIST, 27001.
  • Create awareness to reduce the risk of cyber threats to businesses and the availability of IT services.
  • Minimum number of findings in BitSight and BitSight Score.
  • Effective teamwork.
  • Achieve operational excellence.
  • Deliver value to internal and external clients.
  • Develop people.

 

Knowledge/ Education / Previous Experience Required

  • Engineer or relevant field graduate with technical background in IT (bachelor's degree or above).
  • Comfortable working in a multicultural environment.
  • Above 10 years of experience in IT.
  • A sound understanding of computer systems (hardware/software), networks, etc.
  • A strong understanding of internal controls and excellent management skills are required.
  • Knowledge of security standards, auditing techniques, and documentation.
  • Resourcefulness, proven interpersonal skills, and the ability to work in a diverse environment with sensitivity and respect.
  • Excellent communication skills (good spoken English, computer skills, and writing skills are a must).
  • Proven ability to build strong relationships with all levels of an organization.
  • Ability to communicate with tact and diplomacy, both orally and in writing.
  • Good presentation skills.
  • Ability to efficiently manage time and workload, which includes planning, organizing, prioritizing, and following-through on a variety of tasks, assignments, projects, and reports.
  • Ability to work as a contributing team member in a professional manner.
  • Ability to use effective judgement and problem-solving skills to make reasonable business decisions and recommendations.
  • A CISSP, CCSP, CRISC, CISM, ISO 27001, or NIST-related certificate is a plus.