Information Security Officer  

Role Summary:

The role shall be responsible for overseeing the institution’s information and data security. The ISO shall manage the organization’s security posture, including risk assessments and incident response. It should function in partnership with both IT and business leadership to ensure that all systems are secure and compliant with industry standards. He/she shall be reporting directly to the Risk Management Head to maintain independent oversight.

Main Duties and Responsibilities:

• Design and implement information security policies and procedures aligned with applicable laws and regulations to protect information assets from unauthorized access, use, or disclosure.
• Keep abreast on latest legislation, regulations, advisories, alerts and vulnerabilities that may pertain to and/or affect ATRAM and its business interests.
• Plan and schedule activities and/or tasks pertaining and relating to information security, including monitoring of IT health checks, and the performance of information security review
• Research and recommend security measures to be included in the installation of packages or new application programs.
• Develop and implement an active information security risk assessment program and routinely administer and monitor measures to ensure that ATRAM’s information facility, both physical and logical, is protected from potential breaches, threats and/or hacks emanating from either within or outside the entity.
• Develop and implement an incident reporting and response system to address information security breaches.
• Respond to alleged policy violations and/or complaints from external parties.
• Identify recurring problem and initiate change requests meant to prevent the recurrence of breaches against information security.
• Identify and manage risks to the confidentiality, integrity and availability of information assets.
• Ensure that all reported and/or recorded deviations against approved security and privacy policies and procedures went through Root Cause Analysis (RCA). Ensure that the RCA is a standard attachment to all reports concerning deviations.
• Recommend new and enhanced work processes in close coordination with various business unit heads to provide corrective and preventive action to recurring problems.
• Coordinate the dissemination of information security policies, standards and procedures, and spearhead the development and delivery of educational and training awareness programs for all employees, authorized users and other stakeholders pertaining to information security and related laws and regulations.
• Monitor compliance with information security policies and procedures and takes corrective and preventive action as necessary.
• Conduct review of Information Security Manual (at least on an annual basis or interim) to incorporate updates in regulatory requirements and changes in processes to ensure that ATRAM policies are compliant with regulatory requirements and best practices.
• Perform other tasks as maybe assigned by the Risk Management Head.

• At least 5 years experience in Information Security, Information Technology, or other related fields
• Preferably licensed and/or Certified (e.g., CISSP)
• Excellent project management, written and oral communications skills desired
• Ability to work collaboratively with personnel from all levels of organization
• Self-starter; able to work independently with minimum supervision
• Technical competencies on IT Governance; Network Infrastructure and/or Systems Administration; Unified Threat Management or Unified Security Management; Configuration Management Database Administration; Project Management
• Good grasp of regulations and industry best practices
• Excellent problem solving and analytical skills
• Organizational skills