GRC(RARR Job 544)

• Under the direct supervision of Lead, Cyber security Governance: - • Develop, implement and monitor strategic, comprehensive enterprise information security and IT risk management programmes to ensure that the integrity, confidentiality and availability of information is managed and controlled by client organizations. • Provide regular reporting on the current status of the information security program to senior management and business units as part of a strategic enterprise risk management program. • Implement governance programmes including an information security steering committee or advisory board. • Create, communicate and implement process for risk management, including the assessment and treatment of identified risks. Work directly with business units and stakeholders throughout the organization on identifying acceptable levels of residual risk. Report and oversee treatment efforts. • Create and manage information security and risk management awareness training programmes for all employees, contractors and approved system users. • Develop, maintain and publish up-to-date information security policies, standards and guidelines. Oversee the approval, training, and dissemination of security policies and practices. • Develop and enhance an information security management framework based on the ISO 27000 standards. Create a framework for roles and responsibilities with regard to information ownership, classification, accountability and protection. • Coordinate information security and risk management projects. Provide strategic risk guidance for IT projects. • Manage security incidents and events to protect corporate IT assets, including intellectual property, sensitive data and the organization’s reputation. • Monitor the external threat environment for emerging threats and advise relevant stakeholders on the appropriate courses of action. • Develop and oversee effective disaster recovery policies and standards. Coordinate the development of implementation plans and procedures to ensure that business-critical services are recovered in the event of a security event. Provide direction, support and in-house consulting in these areas. • Liaise among external and internal stakeholders, including audit, legal and HR management teams as required, to ensure that the organization maintains an appropriate security posture. • Manage information security specialists and consultants • Perform other related duties and fulfil responsibilities as required