Information Security Officer

  • 5 - 8 years
  • $1500 - $2500
  • Kingston, Kingston
  • Full Time

  • Posted: 3 weeks ago
  • Openings: 1
  • Job Applicants: 0

Job description

We are seeking a highly skilled and motivated Information Security Officer to join our team and safeguard our organization's information systems. The ideal candidate will have a robust understanding of information security principles, risk management, and compliance requirements. As an Information Security Officer, you will be responsible for developing and implementing security policies and procedures, monitoring and responding to security incidents, and ensuring the protection of sensitive data. Your role will involve working closely with IT staff, management, and other stakeholders to enhance our overall security posture and maintain compliance with relevant regulations.

Key Responsibilities:

  1. Security Strategy and Policy Development:

    • Develop and implement comprehensive information security policies, procedures, and guidelines to protect organizational assets.
    • Establish and maintain a security framework aligned with industry standards and best practices (e.g., ISO 27001, NIST, CIS).
    • Conduct regular reviews and updates of security policies and procedures to ensure they remain current and effective.
  2. Risk Management:

    • Identify, assess, and prioritize information security risks and vulnerabilities across the organization.
    • Develop and implement risk mitigation strategies and controls to address identified threats.
    • Conduct regular risk assessments, security audits, and vulnerability scans to ensure the effectiveness of security measures.
  3. Incident Response and Management:

    • Develop and maintain an incident response plan to address and manage security breaches or incidents.
    • Coordinate and lead incident response efforts, including investigation, containment, remediation, and reporting.
    • Conduct post-incident reviews to identify lessons learned and improve security practices.
  4. Compliance and Regulatory Requirements:

    • Ensure compliance with relevant legal, regulatory, and industry requirements (e.g., GDPR, HIPAA, CCPA).
    • Conduct regular compliance audits and assessments to verify adherence to security policies and standards.
    • Liaise with external auditors and regulatory bodies as needed.
  5. Security Awareness and Training:

    • Develop and deliver security awareness training programs for employees to promote a culture of security.
    • Conduct regular security training sessions and simulations to prepare staff for potential security threats.
    • Evaluate the effectiveness of training programs and update content as needed.
  6. Monitoring and Reporting:

    • Implement and maintain security monitoring tools and systems to detect and respond to potential threats.
    • Analyze security logs and alerts to identify suspicious activities and potential security breaches.
    • Prepare and present regular security reports to senior management, including risk assessments, incident summaries, and compliance status.
  7. Collaboration and Communication:

    • Work closely with IT teams, management, and other stakeholders to ensure alignment on security initiatives and priorities.
    • Provide guidance and support on security best practices and risk management.
    • Act as a liaison between the organization and external security partners or vendors.
  8. Continuous Improvement:

    • Stay current with the latest security trends, threats, and technologies.
    • Evaluate and recommend new security solutions and technologies to enhance the organization’s security posture.
    • Participate in industry forums, conferences, and training to continuously improve knowledge and skills.

Qualifications:

  • Bachelor’s degree in Computer Science, Information Security, Cybersecurity, or a related field, or equivalent practical experience.
  • 5+ years of experience in information security, risk management, or a related field, with a proven track record in implementing security measures and managing security incidents.
  • Strong knowledge of information security frameworks, standards, and best practices (e.g., ISO 27001, NIST, CIS).
  • Experience with security tools and technologies, including firewalls, intrusion detection/prevention systems, and encryption.
  • Familiarity with regulatory requirements and compliance standards relevant to the industry.
  • Excellent analytical and problem-solving skills, with the ability to assess and address security risks effectively.
  • Strong communication and interpersonal skills, with the ability to present technical information to non-technical stakeholders.
  • Relevant certifications such as CISSP, CISM, CISA, or CEH are highly desirable.

Preferred Qualifications:

  • Experience with cloud security and managing security in cloud environments (e.g., AWS, Azure, Google Cloud).
  • Knowledge of network security principles and practices, including VPNs, network segmentation, and secure communication protocols.
  • Experience with penetration testing and vulnerability assessment tools.
  • Familiarity with DevSecOps practices and integrating security into the software development lifecycle.

Education

  • Bachelor's Degree
