Information Security Officer

The Information Security Officer plays a central role in safeguarding the organization's technology environment, data assets, and operational continuity. This position is responsible for shaping and administering the enterprise-wide security program, ensuring alignment with regulatory expectations, industry best practices, and internal risk frameworks. The ISO provides independent oversight of technology initiatives, advises leadership on emerging risks, and serves as a key resource in strengthening the organization's cybersecurity posture.

Key Responsibilities

Security Governance & Regulatory Alignment

• Maintain and routinely update the organization's information security framework, policies, and procedures to reflect current laws, regulations, and industry standards.
• Deliver clear and concise reporting to executive leadership and governing bodies on security risks, program performance, and emerging threats.

Audit, Assessment & Control Validation

• Oversee the technology audit program, ensuring the scope and depth match the organization's risk profile.
• Coordinate internal and external audits, examinations, and assessments; track remediation efforts and report progress to relevant committees.
• Lead user access reviews across core platforms and validate access governance practices for departmental applications.
• Conduct social engineering exercises and design targeted training when vulnerabilities are identified.

Risk Partnership & Strategic Support

• Work closely with business units to understand data flows, operational processes, and system dependencies in order to identify and mitigate vulnerabilities.
• Evaluate security implications of new products, vendors, and technology initiatives, recommending practical risk mitigation strategies.

Business Continuity & Incident Response

• Maintain and continually enhance the organization's business continuity, disaster recovery, and incident response capabilities.
• Direct response efforts during cyber events, ensuring timely containment, investigation, communication, and recovery.

Security Training & Culture Building

• Develop engaging and relevant security awareness programs for employees at all levels, including senior leadership.
• Champion a strong culture of risk ownership and cybersecurity mindfulness throughout the organization.

Technical Security Oversight

• Provide oversight for core security controls such as firewall configurations, encryption standards, endpoint protection, and intrusion detection technologies.
• Partner with technology teams to ensure adherence to secure configuration standards, patch management requirements, and continuous vulnerability monitoring.
• Review vendor control reports and ensure complementary internal controls are implemented and functioning effectively.

Qualifications

• 5+ years of experience in information security, IT risk management, or a related field; experience in regulated industries preferred.
• Bachelor's degree in cybersecurity, information technology, or equivalent experience; advanced certifications (CISSP, CISM, CISA) are highly valued.
• Familiarity with regulatory standards for technology and security oversight (e.g., FFIEC, NIST, or similar frameworks).