Purpose of the role - The IT Security & Compliance officer is a senior IT role responsible for safeguarding Mpac Group’s information assets and ensuring the continuous, secure operation of its critical IT services. The ISCO oversees the organisation’s information security, cyber security, service monitoring, data backup processes, and business continuity planning. This role is pivotal in ensuring that all IT systems are secure, reliable, and resilient against potential threats, disruptions, and disasters. Combining strategic oversight with hands-on management, the ISCO plays a critical role in protecting the organisation’s digital infrastructure and ensuring business continuity.
Core Functions -
· Develop, implement, and maintain the organisation’s information security strategy, policies, and procedures.
· Ensure that all IT systems and data are protected against internal and external threats, including cyberattacks, data breaches, and unauthorised access.
· Conduct regular security audits, vulnerability assessments, and penetration testing to identify and address potential security risks.
· Monitor the organisation’s IT infrastructure for security breaches and respond promptly to any incidents.
· Implement and manage cybersecurity tools and technologies, such as firewalls, intrusion detection/prevention systems (IDPS), and antivirus software.
· Lead incident response efforts, including investigation, containment, eradication, and recovery, and provide detailed reports to senior management.
· Oversee the monitoring of IT services and infrastructure to ensure they are performing optimally and securely.
· Implement and manage service monitoring tools to provide real-time alerts and reporting on system performance and security events.
· Collaborate with IT support teams to proactively address performance issues and ensure the resilience of IT services.
· Design and manage the organisation’s data backup strategy, ensuring all critical data is regularly backed up and securely stored.
· Conduct regular tests of data recovery processes to ensure the organisation can quickly recover from data loss incidents.
· Implement and manage disaster recovery plans to ensure minimal disruption to business operations during a major IT incident.
· Develop, implement, and maintain the organisation’s business continuity plans (BCP) to ensure the continuous operation of critical IT services during disruptions.
· Collaborate with various departments to identify key business processes and systems that require continuity planning.
· Conduct regular BCP drills and exercises to ensure the organisation is prepared to respond effectively to disruptions.
· Ensure the organisation complies with relevant information security regulations, standards, and best practices (e.g., GDPR, ISO 27001).
· Conduct risk assessments to identify potential threats to the organisation’s IT systems and data, and implement mitigation strategies.
· Maintain up-to-date knowledge of the latest security threats, trends, and regulatory changes, and ensure the organisation’s security practices evolve accordingly.
· Collaborate with other IT and business leaders to integrate security practices into all aspects of the organisation’s operations.
· Develop and deliver security awareness training programs to employees at all levels of the organisation.
· Provide regular reports to the Group IT Director and senior management on the status of the organisation’s information security and business continuity efforts.
· Communicate security risks, incidents, and mitigation strategies to stakeholders across the organisation.
· Act as the primary point of contact for external security audits and assessments.
#J-18808-Ljbffr