Develop and maintain information security management systems & engineering governance policies, procedures and standards in alignment with regulatory requirements, ISO 27001, and industry best practices.
Develop, implement and maintain security policies, standards, procedures, guidelines and define KPI’s & KRI’s.
Stay updated on compliance requirements and relevant laws, regulations and industry standards relate to IT/OT security.
Identify, assess and prioritize information security risks across MCV.
Develop and implement risk management framework, guideline different stakeholders, develop risk register for monitoring and reporting on the status of risks & control effectiveness.
Conduct regular technical risk assessments and identify potential threats & vulnerabilities across MC.
Develop and deliver security governance, risk and compliance training program.
Promote security awareness and compliance culture throughout MCV.
Familiar with SDLC & SSDLC, SecDevOps, help project managers to develop cybersecurity risk register for ongoing project, conduct periodic reviews aligned with mitigation controls.
Collaborate with internal & external stakeholders and provide technical guidance and support to management and IT, Engineering staff on ISMS, information security and GRC related matters.
Maintain accurate technical records and documentation, prepare and share regular quarterly report on ISMS program & MCV security posture.
