No. of Vacancy: 1

Job Location: Kathmandu

Experience: Minimum 1 year of related experience in related field.

Professional Skill Required: Interpersonal Communication, Analytical and Critical Thinking, Technical skills, Time management, Project Management

Requirements

Job Details: Information Security Officer (ISO) is an officer level contractual position, to be confirmed upon satisfactory completion of performance as per company’s policy

Age: Minimum age limit of 21 years and not exceeding 35 years for male and 40 years for female on the last date of submission of application.

Education: Minimum of Bachelor’s degree either in computer science/ information technology or business math or equivalent professional experience in Information Technology. Appropriate Certification or training is required, such as CISA, CISM or CISSP.  Preference will be given to professional technical certification such as MCP/CCNA. 

Duties and responsibility of ISO:

• Information security officer researches, develops, implements, tests and reviews Company’s information security in order to protect information and prevent unauthorized access in the Company.
• ISO must educate users about security measures, explain potential threats, install security related software, implement security measures and monitor networks. Review systems in order to identify potential security weaknesses, recommend improvements to amend vulnerabilities, implement changes and document upgrades.
• ISO is responsible for gathering information necessary to maintain security and establish functioning external barriers such as firewalls and other security measures. Create and maintain the documentation for certification and accreditation of each information system in accordance with NRB guidance requirements. 
• ISO has to establish and enforce security policies to protect an organization’s computer infrastructure, networks and data. 
• ISO implements an established COBIT governance framework to manage IT governance, risk, and compliance related activities. 
• Develop, maintain and publish up-to-date information security policies, standards and guidelines as per all applicable policies, laws, regulations and industry practice. Oversee the approval, training, and broadcasting of security policies and practices.
• Create and manage information security and risk management awareness training programs for all employees, contractors, hardware/software vendors and approved system users.
• Categorize the risk depending on the information resources based on their functions, threat exposure, vulnerabilities and data type pursuant to the information security policies, size, complexity and capabilities of the information resources of organizations.
• ISO analyzes the risk with the following works/tools.
    a. Identification and prioritization of the threats to information resources.
    b. Identification and prioritization of the vulnerabilities of information resources.
    c. Identification of a threat that may exploit vulnerability.
    d. Qualitative identification of the impact to the confidentiality, integrity and availability of information resources if a threat exploits a specific vulnerability.
    e. Identification and definition of measures and/or controls used to protect the confidentiality, integrity and availability of Information Resources.

• Provide regular reporting on the current status of the security program to senior management and to the Board of Directors (if required).
• Develop and implement an information security management framework that aligns with Company’s business model, risk profile, and existing compliance initiatives and efforts. 
• Provide strategic risk guidance for IT projects including the evaluation and recommendation of technical controls.
• Coordinate information security and risk management projects with team managers from across the Company’s teams and IT vendors.
• Work with our compliance team to ensure that security and privacy programs are in compliance with relevant laws, regulations and policies to minimize or eliminate risk and audit findings.
• Define, conduct and facilitate the global information security risk assessment process including the reporting and oversight of treatment efforts to address negative findings.
• Manage security incidents and events to protect corporate IT assets, including intellectual property, regulated data and the Company’s reputation.
• Monitor the external threat environment for emerging threats, and advise relevant stakeholders on the appropriate courses of action.
• Liaise with external agencies, such as law enforcement and other advisory bodies as necessary, to ensure that the Company maintains a strong security posture.
• Develop and manage effective disaster recovery policies and standards to align with enterprise business continuity management program goals. Coordinate the development of implementation plans and procedures to ensure that business-critical services are recovered in the event of a security event. Provide direction, support and in-house consulting in these areas.
• Serves as an internal information security consultant to the organization.
• Initiates, facilitates, and promotes activities to advance information security awareness within the Company.
• Review of change management practices.

Knowledge, Skills and Abilities

1. Demonstrate ability to succeed within fast-paced, high-growth environments.
2. Executive-level written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to technical and nontechnical audiences up through and including the Board of Directors.
3. Self-confidence and ability to act calmly and competently in high-pressure, high-stress situations.
4. Must be a critical thinker with strong problem-solving skills.
5. Exhibit excellent analytical skills, the ability to manage multiple projects under strict timelines as well as the ability to work well in a demanding, dynamic environment and meet overall objectives.
6. High level of personal integrity as well as the ability to professionally handle confidential matters, and show an appropriate level of judgment and maturity.
7. Assess the impacts on system modifications and technological advances and must be highly analytical and effectively able to troubleshoot and prioritize needs, requirements and other issues. 

Shortlisting will be done on the basis of your answers while applying, please answer the questions carefully. Only shortlisted candidates will be contacted. Telephone enquiries will not be entertained.