I have been working as an information security compliance executive for 1.5 years in an ISP. The following is my job description. Please suggest if this JD fulfils the NOC 2171 main duties.
1. Ensure and manage the implementation of Information Security Management System using ISO/IEC 27001:2005 in particular Information Systems security.
2. Develop and ensure the compliance of all the applicable policies, procedures and controls of Information Security Management System.
3. Identify and assess the risk associated with current and new information assets, information systems, new/modified business processes.
4. Perform risk assessment of information systems, information assets and suggest areas of improvement.
5. Facilitate all the departments in the development, maintenance and testing of Business Continuity and Disaster Recovery Plans.
6. Perform penetration testing and vulnerability assessment.
7. Conduct quarterly Information Security Audit and serve as a member of the Information Security Forum.
8. Track and manage Information Security incidents and lead their investigation.
9. Responsible for automating and implementing Information Security tool(s) or application(s) independently or with the team.
10. Develop policies, procedures, templates and other relevant information security management system documentation.
11. Act as Management’s representative in external/third party audits.