Occupation Description
Primary Purpose
Responsible for performing regular risk assessments and developing risk mitigation strategies pertaining to information risk management.
Responsibilities
- Plan and prepare for information risk assessments.
- Review and perform regular and ad-hoc information risk assessments.
- Provide risk assessment reports.
- Maintain defined policies and standards, with emphasis on information risk management, update them and define new policies as and when required.
- Identify common and specific threats and vulnerabilities of the systems and databases under review.
- Develop and update the Threats and Vulnerabilities databases and the control database.
- Perform detailed threat and vulnerability impact assessment, assign impact ratings and make adjustments in the overall risk ratings for the systems and databases being assessed.
- Identify the impact of the new threats and vulnerabilities on various assets.
- Identify the owners and key users of the area or process under review and provide input to the supervisor for overall planning.
- Identify risk mitigation options available, evaluate and analyse feasibility, effectiveness, efficiency and cost of risk mitigation options/controls and propose the most appropriate controls for the systems and databases being assessed.
- Keep tabs on new technologies and the risk areas within them.
- Function as a point of escalation for security-related incidents.
- Maintain all relevant IT risk documentation.
Requirements
- At least 3 years of related experience.
- Degree in engineering, science, business or other numerate discipline.
- Possess basic to intermediate knowledge and understanding of information security concepts and technologies.
- Experience of working in information risk management projects and exposure to project management techniques.
- Proven ability to coordinate distributed projects with multiple stakeholders within the organisation.
- Coding experience and database build security review experience preferred.