● Selecting the appropriate security standards for the organization's products.
● Security consulting and monitoring on the acquisition or use of new technologies.
● Security consulting to senior managers of the organization.
● Presenting or approving the scope of security projects.
● Submitting or approving cost estimates for security projects.
● Determining the content of the security awareness and education program according to the standards.
● Preparing or revising the draft security outlook.
● Preparing or reviewing an organization's security roadmap for long-term goals.
● Determining the security risk assessment methodology.
● Monitoring and leading the risk assessment project.
● Periodic monitoring of the effectiveness of the risk reduction program.
● Ensuring the security risk management program complies with security standards and policies.
● Determining the security issues to be considered in each phase of the secure development lifecycle, based on the methodology.
● Developing security procedures for each policy.
● Monitoring the implementation and use of security procedures.
● Monitoring the implementation of the security awareness and training program.
● Coordinating with other parts of the organization in order to implement a security awareness and training program.
● Determining how to detect security incidents and events.
● Determining the workflow in response to a security incident.
● Ensuring security projects comply with security standards and policies.
● Determining the strategy and planning of security awareness and training based on standards.
● Developing the content of the security awareness and education program.
● Monitoring the implementation of selected security standards.
● Monitoring the final product for compliance with the selected standard.
● Selecting security policies and controls to reduce risk.
● Defining roles and responsibilities in the security incident response plan.
● Adapting the phases of the system life cycle to the secure development lifecycle for products.
● Determining the RTO of systems to support disaster recovery procedures.
● Determining the RPO of systems to support backup routines.
Requirements
● Fluent in security standards including ISO 27000 series.
● Familiarity with developing security policies.
● Familiarity with security maturity models.
● Familiarity with risk assessment methodologies.
● Familiarity with security and safety controls in software production.
● Preferably holding a CISSP or another recognized information security certification.
● Interested in learning and personal development.