He/She shall be responsible for any security development and new initiatives and implementing monitoring the security initiatives.
Report to a high-level manager, to balance security with technological and business issues.
Be the Organizations authority on information security.
Recommend appropriate separation of duties and responsibilities for (IT) functions.
Promote information security awareness throughout the Organization.
Be part of the decision-making team when the Organization is designing, planning, procuring or upgrading technologies.
Be responsible for the development, implementation and revisions of an Organization information security policy.
Be the single point of contact for all issues involving information security including, but not limited to, questions, alerts, viruses and breach; and
Inform Organization’s Executive Management (where applicable) of breaches, information security activity and risks.
He/She shall be responsible for ensuring the development and revision of policies where such are not available, are not covered in scope by the current policies or need a further expansion. S/he will be a part of the Quality and Training Team.
Identify appropriate training for Organization staff including, but not limited to, the information security policy.
Be familiar with and understand all access security methods and configurations at the Organization.
Stay current via training and publications about information security issues.
Review and test information security features of new critical software, hardware and firmware.
Promote the education of Organization staff about the information security risks, including social engineering and the presence of unauthorized persons.
Receive regular training on information security issues and,
Review publications and other information regarding information security.
Ensure that the information security policy reflects current security practices and architecture.
Take appropriate steps in accordance with the Organization's information security policy when breaches occur, which may include:
Being notified immediately when an incident of defined nature of criticality occurs.
Immediately ascertaining the scope, nature and extent of the breach.
Notifying the appropriate executive management of the incident.
Isolating and containing the incident.
Preserving evidence where appropriate and Taking steps to prevent a reoccurrence of the incident.