JOB PURPOSE

This role will be responsible for handling the implementation and maintenance of GFG and subsidiaries Information Security Management System in accordance with local laws, regulations and best practices.

KEY ACCOUNTABILITIES

• Support Head Information Security in defining and implementation of information security governance documentation including policies, manual, SOPs and guidelines.

• Support Head Information Security in conducting Risk-based Assessment of Information Security policies and operating procedures owned by other departments within the group against industry-recognized security standards and best practices, ensuring adequate preventive, detective and corrective controls to provide data integrity, confidentiality and availability.

• Support Head Information Security in conducting analysis of security requirements and controls to identify gaps and provides recommendations of industry best practices, trends, and technology products.

• Support Head Information Security in conducting on annual basis and continuous basis Information Security Risk Assessment, identify business and technology risks, internal controls which mitigate risks, and related opportunities for internal control improvement.

• Develop and maintain information register and ensure that the information is classified by data owners and protected in accordance with the information classification framework.

• Conducting awareness sessions to the new and existing employees on information security policies and global trends as per the awareness program.

• Support in defining information security requirements in information systems, projects and third parties in cooperation with the delivery departments i.e. ICT, and FM.

• Support in conducting incident investigation for information security incidents and ensuring that the necessary actions and disciplinary actions are taken.

• Support in defining information security requirements to be included in ICT Disaster recovery plans to ensure continuity of information security controls during disasters.

• Support in conducting internal and external audits to ensure that BAC Information Security Management system complies with best practices and local regulations.

• Improve the maturity of the information security management system through suggesting and supporting in the implementation of technologies such as DLP solutions, GRC solutions etc.

QUALIFICATIONS

• Bachelor’s degree in information technology.

• Certified Information Security Auditor (CISA) (Preferred)

MINIMUM EXPERIENCE

• 3+ years of Information Security experience

JOB SPECIFIC SKILLS

• Proven ability to establish and manage “dotted-line” business relationships to deliver agreed outcomes/deliverables.

• Ability to work effectively with all levels of personnel across the organization.

• Proven ability to communicate clearly and appropriately based on audience with excellent facilitation and customer service skills.

• Excellent written and verbal communications, critical thinking skills, effective interpersonal skills, strong formal presentation abilities.

• Ability to be flexible and work effectively with ambiguity and change.