Develop and review information security policies, standards, and guidelines based on industry best practices, regulatory requirements, and organizational objectives.
Conduct thorough assessments of existing security policies and procedures, identifying gaps and recommending improvements.
Collaborate with stakeholders across various departments to gather input and ensure alignment with business needs.
Stay informed about the latest information security threats, vulnerabilities, and industry trends to proactively identify areas of improvement.
Perform risk assessments and analysis to identify potential security risks and develop appropriate mitigation strategies.
Assist in the creation and maintenance of security awareness training programs for employees to promote a culture of security awareness.
Monitor compliance with information security policies, identifying areas of non-compliance and implementing corrective actions.
Provide guidance and support to IT teams and other relevant stakeholders regarding policy implementation and adherence.
Participate in incident response activities, assisting in investigations, documentation, and remediation efforts.
Conduct periodic reviews and audits of security controls to ensure ongoing effectiveness and compliance.
Tools / Skills:
Bachelor’s degree in Computer Science, Information Security, or a related field. Relevant certifications (e.g., CISSP, CISM, CISA) are a plus.
Proven experience as a Policy Analyst or similar role in the field of information security.
Strong knowledge of information security principles, frameworks, and standards (e.g., ISO/IEC 27001, NIST Cybersecurity Framework).
Familiarity with regulatory and contractual requirements (e.g., GDPR, HIPAA, PCI DSS) and their impact on information security policies.
Proficiency in conducting risk assessments and applying risk management methodologies.
Excellent analytical and problem-solving skills, with the ability to identify vulnerabilities and develop effective solutions.
Strong written and verbal communication skills, including the ability to present complex information to non-technical stakeholders.
Ability to collaborate and work effectively with cross-functional teams and stakeholders at various levels of the organization.
Familiarity with security technologies, tools, and controls, such as firewalls, intrusion detection systems, and vulnerability scanners.
Understanding of incident response procedures and experience in participating in incident investigations.
High level of integrity, ethics, and a commitment to maintaining the confidentiality and security of sensitive information.