Information Security Officer Job Description

Key Responsibilities

Develops and delivers a comprehensive information security and privacy program.

Ensures that the organization's information technology resources are appropriately protected from unauthorized destruction, alteration and access.

Prudently manages security to ensure that it's accomplished in a manner that's consistent with business strategy and execution.

Security Governance

Oversees security governance.

Develops and implements security strategy, policies and procedures.

Develops and maintains an organizational structure that identifies responsibilities and authority for information security across all IT services.

Communication

Develops and implements a security policy communication and training strategy.

Communicates regular security reports and metrics.

Actively advocates security awareness across the extended organization.

Audit & Compliance

Stays abreast of the latest information security and privacy laws, regulations and best practices.

Provides oversight and audit of security initiatives.

Provide security oversight and audit of IT projects and operations.

Complies with the law and adheres to the highest standards of ethical business conduct.

Risk Management

Stays abreast of the latest information security threats and vulnerabilities.

Develops and delivers a comprehensive information security risk assessment program.

Recommends and implements methods and tools to identify and manage vulnerabilities and threats.

Incidence Response

Develops and delivers a comprehensive incident response system.

Provides oversight of incident response activities and manages incident communication to the organization.

Acts as a liaison with law enforcement agencies in their efforts to investigate any violation of information security and privacy laws.