IAMOPS is looking for a System Security Engineer. In this position, he/she will be responsible for establishing the right information security and governance practices and for enabling a framework for risk-free and scalable business operations in a challenging business landscape.
- Develop, implement, and monitor strategic, comprehensive enterprise information security policies and IT/IS risk management program
- Develop and enhance an information security management framework for IAMOPS, and be responsible for our clients, acting as their CISO.
- Formulate and review the organization's IS strategy and implement information security technologies as required to improve security posture.
- Create and periodically review InfoSec policy and process, including DR and BCP processes.
- Participate and work with internal IT audit and regulatory audit teams and internally coordinate within IT and various departments to ensure closure of audit points.
- Formulate and work with various committees to ensure the consistent application of policies and standards across all technology projects, systems and services
- Develop and manage the Information Security Awareness Program.
- Provide leadership to the enterprise’s information security organization
- Partner with business stakeholders across the company to raise awareness of risk management concerns
- A candidate with 1-2 years of experience in IT security is preferable.
- Knowledge of common information security management frameworks, such as ISO 27001/HIPAA/HITRUST/SOC2 and NIST.
- Certification in CISA is an added advantage.
- Should possess working experience (i.e., technical hands-on experience) in a cyber/IT audit role.
- Should possess good analytical and critical thinking skills to evaluate control adequacy and operating effectiveness
- Certification in cyber/IT security (e.g., CISSP) preferred.
- Must be able to work independently as well as in a team.
- Experience in handling or conducting IS audits for IAMOPS and for our clients.
- IT Risk assessment experience is a plus.
- Attended ISO 27001 Lead Auditor training and have a good working knowledge of the ISO 27001 standard/PCI DSS compliance and other compliance related to the payments industry.