Information Security Officer - Kuwait

Kuwait

Roles and Responsibilities:

Policies:

Assist and coordinate in the development and review of information security policies, standards and procedures.

Ensure policies comply with any external requirements.

Information Security Awareness:

Develop and conduct security awareness sessions and programs for IT Staff, End users and Contractors.

Participate in planning and content contribution for security awareness campaigns.

Information Security Incident Response

Participate in Information Security response plan development.

Participate in information security incident handling and response.

Perform analysis of Information Security incidents.

Recommend rectifications and provide lessons learned from incidents.

Risk assessment and Incident Prevention:

Participate in ongoing IT risk assessment activities.

Recommend new and assess current security controls.

Recommend methods for vulnerability detection and remediation.

Vulnerability Assessment and Penetration testing

Conduct periodic vulnerability assessment and penetration testing.

Information security metrics/KPIs

Develop, review and report on metrics and key performance indicators for information security.

Disaster Recovery and Business Continuity

Review disaster recovery plans and preparations and recommend improvements.

Review and report on results of disaster recovery drills.

Knowledge Transfer

Work closely with KPC information security staff and transfer relevant information security knowledge.

Reports:

Assist in preparing information security reports for management and ISMS committee.

The Information Security Officer shall produce summary reports on all activities on a monthly and quarterly basis to . The format and the detail shall be agreed between the two parties. The purpose is to assess whether the performance is being provided satisfactorily and that plans for continuous improvement are in effect.

Skills

Minimum Qualifications:

  • University degree in computer science/Electronic engineering/Information Technology
  • Knowledge of computer and network forensics
  • Minimum 3 years of experience in the information security field
  • Understanding of risk management principles
  • Penetration testing and vulnerability assessment experience

Must have at least one of the following certifications:

  • CISSP - Certified Information Systems Security Professional
  • CEH - Certified Ethical Hacker
  • CISM - Certified Information Security Management
  • CISA - Certified Information Security Auditor
  • SANS GSEC: GIAC Security Essentials
  • SANS GISF: GIAC Information Security Fundamentals



Post date: Today
Publisher: Bayt