Performing business impact assessments (using the BIRT template)
Performing security reviews (using the security review template)
Performing risk assessments (using the security risk template)
Creating security treatment plans (using the security treatment template)
Selecting security controls and determining mitigation actions (part of security treatment plan)
Plan, perform and manage reviews, assessment and other quality control activities.
Document, analyse, report and present the review and assessment results.
Advise, train and coach on related industry standards and best practices.
Plan, perform and manage quality improvements.
Develop policies, strategies, methodologies and implementation plans.
Manage the implementation plans.
Document processes, work instructions, templates and other necessary process documentation in collaboration with Institution's team members
Qualifications
University Degree with a minimum of 6 years of professional IT experience OR Non-university degree with a minimum of 8 years of professional IT experience
At least 3 years of relevant experience in the IT and Information Security Risk Management area of expertise
Strong experience in the following is required:
IT security and IT security risk management to perform the tasks
Performing business impact assessments, security reviews and risk assessments will benefit the tasks
Creating treatment plans, selecting security controls and determining mitigation actions will benefit the tasks
Strong knowledge and understanding of IT security standards (e.g. ISO 27000)
Proven effective communication skills are required, as an integral part of the role