Astek

Cyber Security Specialist - Governance & Compliances

Subang Jaya, Selangor, MY

7 days ago

Summary

** Min 6 months contract & extendable depending on KPI review and project needs


Information Security Governance

  • To conduct a comprehensive review of the IT department's cybersecurity policies, procedures, and practices to determine compliance with established standards and regulatory requirements. This may include interviews with security personnel.
  • To develop a detailed inventory of compliance requirements and a corresponding checklist.
  • To assess the implementation and effectiveness of controls across IT systems and personnel practices. This can include assessing the configurations of SIEM, firewalls, NSGs, AD, etc.
  • To identify and document any gaps or deviations from compliance requirements.
  • To provide a clear report of findings and recommendations for remediation.


Information Security Risk and Compliance

  • Responsible for identification, assessment, escalation and mitigation of risks related to IT service
  • Ensure risks are reported and communicated in a timely manner for the management of risks and their treatments
  • Develop, review and update IT risk register
  • Provide guidance to Engineers on IT risk related matters/processes
  • Monitor compliance with implemented standards, policies and regulatory requirements
  • Manage policy exceptions and risk mitigation activities to improve the control environment and compliance requirements
  • Responsible for supporting IT and enterprise risk management.
  • Perform periodic reporting to risk management, information security, compliance and auditor office


The right individual will have the following key success capabilities and qualities:

  • A Bachelor’s Degree in Information Systems or other related disciplines from an accredited institution is required
  • Familiarity with common security and risk management standards and frameworks (ISO 27001/27002, PCI DSS, NIST, COBIT, etc.) and with assessing organizational alignment to them
  • Familiar with frameworks and standards such as RMiT, PCI-DSS, ISO 27001, NIST Cyber Security
  • Experience in developing or implementing Information Security policies, standards and procedures
  • Experience in identification, evaluation, management and monitoring of risk
  • Experience in IT Security project coordination.
