● Analyzing and advising on the treatment of information security.
● Setting the required security policies and direction.
● Defining security guidelines based on organizational requirements.
● Implementing an information security management system based on ISO 27001.
● Conducting risk analysis and management based on ISO 27005.
● Auditing the application of security controls and the conformance to policies within the company.
Requirements:
● Strong knowledge of ISMS implementation.
● Sufficient knowledge of security standards such as ISO 27k and PCI-DSS.
● Expertise in designing and writing security policies and procedures.
● Sufficient knowledge of network security design and architecture.
● Sufficient knowledge of security vulnerability assessment.
● Sufficient knowledge of auditing, in case internal audits need to be performed.
● Familiarity with the COBIT framework and standards such as NIST and PCI-DSS.
Certifications:
● ISMS lead implementation.
● Internal audit.
● Security+.
● Network+.
● CEH.
● Lead auditor certification would be a bonus.