Information Security Engineer

Job Summary:

The Information Security Engineer is responsible for protecting the organization's enterprise information systems, business applications, data assets and people by identifying and mitigating security risks. This role involves conducting comprehensive risk assessments, coordinates with SBU POC leads regarding incident response and remediation eAorts, administering security tools, monitoring networks for security breaches, and ensuring compliance with regulations such as DPA of 2012 and ALI Group company policies. Roles maintains functional accountability to ALI Group Information Security OAicer while maintaining an administrative reporting line to the ALH IT Director.

Duties & Responsibilities:

Security Monitoring and Incident Response

• Monitor the organization's data, IT infrastructure, and systems for security breaches and investigate any violations

• Lead the incident response to potential security incidents by providing detailed analysis, collaborating with various cybersecurity incident response teams, and recommending remediation actions

• Conduct root cause analysis and prepare comprehensive incident reports.

Vulnerability Management

• Perform regular vulnerability assessments and penetration testing to identify security gaps.

• Collaborate with IT teams to remediate identified vulnerabilities.

• Track and report on the status of vulnerabilities and remediation eAorts. Security Policies and Procedures

• Work with the ALI Group Information Security OAicer and CIO on the implementation of security policies, procedures, and guidelines.

• Ensure the implementation of policies and procedures are aligned with business objectives. Ensure compliance with relevant standards and regulatory requirements. Conduct regular reviews and updates of security policies for relevance to ALH business.

Security Awareness and Training

• Develop and deliver security awareness training programs for employees.

• Promote a culture of security awareness within the organization.

• Provide guidance and training on security best practices.

Compliance and Risk Management

• Ensure compliance with relevant laws, regulations, and industry standards (e.g., DPA 2012, GDPR, PCI-DSS).

• Conduct risk assessments and provide recommendations to mitigate identified risks.

• Maintain documentation for compliance audits and assessments.

Collaboration and Communication

• Work closely with IT and other business units to ensure security measures are integrated into all aspects of the organization's operations.

• Communicate security issues and recommendations to senior management and stakeholders.

Security Management and Implementation

• Plan, implement, manage, monitor, and upgrade security measures for the protection of the organization's data, systems, and networks.

• Ensuring that the organization's data and infrastructure are protected by enabling the appropriate security controls.

Qualifications:

• Bachelor's degree in computer science, Information Technology, Engineering, Cybersecurity, or a related field.
• Relevant certifications (e.g., CompTIA Security+, CEH, CIS, ISACA certifications) are a plus.
• 5-7 years of experience in information security or a related field.
• Proficiency with security tools and technologies such as firewalls, IDS/IPS, SIEM, and antivirus software.
• Good understanding of risk management framework, methodologies and mitigation strategies.
• Good appreciation and knowledge of network security, application security, and data privacy & protection principles.  Strong analytical and problem-solving skills.
• Good appreciation and understanding of the security triad – CIA (Confidentiality, Integrity and Availability)
• Ability to learn quickly and adapt to new technologies and processes.
• Detail-oriented with a proactive approach to identifying and addressing security risks.
• Ability to coordinate with diAerent business units and stakeholders for incident response and remediation eAorts.
• Good communication skills
• Good project management skills