- Understand and communicate the annual audit plans for InfoSec. Prepare InfoSec application, solution, and service owners for participation in audits, discussion of issues found, planning and implementing remediation of those issues, and communicating closure of issues. Collaborate with Internal and External Auditors as well as InfoSec partners to ensure appropriate controls mapping, clarity of risks being tested and scope of each engagement. Communicate audit results and recommendations to Corporate InfoSec senior leaders.
- Manage the CSA process for InfoSec policies, update and maintain CSA questionnaires, and coordinate CSA engagement for Information Security.
- Define and develop sustainable security compliance metrics and communicate based on business criticality.
- Create an Information Security Dashboard with relevant metrics. Ensure that Information Security metrics are defined, monitored, and reported. Monitor defined metrics and ensure a mitigation plan is created when a deviation is discovered. Collaborate with the team to analyse the deviations.
- Develop and facilitate the process and deploy the strategy to implement appropriate governance within InfoSec, ensuring 100% of policies and standards are specifically monitored "where technically feasible". Become an expert in InfoSec's policies, standards and control environment and lead governance efforts on behalf of InfoSec, including identification of enterprise-wide control monitoring and automation opportunities.
- Drive the annual InfoSec Audit process for Governance, including creation of executive summaries and coordination of documentation gathering.
- Manage documentation; ensure all necessary documents are created, followed, and kept up to date and consistent.