The Information Security Officer (ISO) will serve as the focal point for security compliance related activities and responsibilities as listed below. The ISO is generally responsible for obtaining or developing the Onapsis policies and procedures for submission to the Information Security Committee for approval/adoption. The ISO is also responsible for maintaining Onapsis' information security policies and procedures, as well as overseeing compliance with any laws or standards adopted by Onapsis related to the tenancy or processing of information, and reviewing the conduct of those assigned to specific security duties. The ISO will administer the reviews relating to the overall security program, and ensure that educational programs are conducted to enhance general security awareness.
The ISO serves as a resource regarding matters of information security, including data privacy.
Key activities and responsibilities:
- Develop and maintain a formal set of Information Security policies, procedures and standards according to ISO 27001.
- Conduct and complete an annual review of the company's information security policies, procedures and standards.
- Oversee and/or assist in performing ongoing assessments testing the company's security procedures, mechanisms and measures.
- Serve as a liaison for the implementation of security controls derived from policies, standards and procedures.
- Perform periodic Risk Assessment reviews and coordinate the remediation of risks with the corresponding Data Owners.
- Assist in the evaluation and setting of physical security for IT sites.
- Oversee the development of a Business Continuity Plan.
- Develop a set of Performance Indicators to evaluate the effectiveness of security standards and controls.
- Coordinate the development of an Incident Response and Containment Plan.
- Ensure compliance through adequate training/awareness programs and periodic security audits. These audits should be both internal and external in nature.
- Provide development guidance and assistance in the identification, implementation, and maintenance of organization information privacy policies and procedures in coordination with organization management and legal counsel.
- Collaborate with the Legal and Sales departments to drive enforcement of compliance with customers' InfoSec requirements for vendors.
Required skills, aptitudes and certifications
- At least two years in a similar role.
- Certified Information Systems Security Professional (CISSP).
- Excellent communication skills.
- Bilingual level of spoken and written English.
- Practical experience in incident response scenarios.
- Knowledge of Information Security related laws (25.326 - Personal Data, 26.388 - Digital Crimes, 11.723 - Intellectual Property).
Desired skills and aptitudes
- Knowledge of other information security standards apart from ISO 27001 (e.g., NIST 800-53, PCI DSS, CIS Critical Security Controls, etc.), of rules and regulations related to information security and data privacy (e.g., GDPR, FERPA, HIPAA, etc.), and of related security principles for risk identification and analysis.