Group Information Security Officer

Job Summary

Responsible in enforcing policies and procedures that protect the organization's computing infrastructure from all forms of security breaches. Oversee information security, cybersecurity and IT risk management programs based on industry-accepted information security and risk management frameworks. Responsible for identifying vulnerabilities and working with ALH's IT Team (Hotels and Resorts) in resolving tickets and ensuring that network environment and data remain secure. Educate staff in various information security topics.

Key Responsibilities and Duties

Security Monitoring and Incident Response:

• Monitor the organization's data, IT infrastructure, and systems for security breaches and investigate any violations.
• Lead the incident response to potential security incidents by providing detailed analysis, collaborating with various cybersecurity incident response teams, and recommending remediation actions.
• Conduct root cause analysis and prepare comprehensive incident reports.

Vulnerability Management:

• Perform regular vulnerability assessments and penetration testing to identify security gaps.
• Collaborate with IT teams to remediate identified vulnerabilities.
• Track and report on the status of vulnerabilities and remediation efforts.

Security Policies and Procedures:

• Work with the Information Security Management Team to develop, implement, and maintain security policies, procedures, and guidelines.
• Ensure policies and procedures are aligned with industry standards and regulatory requirements.
• Conduct regular reviews and updates of security policies.

Security Awareness and Training:

• Develop and deliver security awareness training programs for employees.
• Promote a culture of security awareness within the organization.
• Provide guidance and training on security best practices.

Compliance and Risk Management:

• Ensure compliance with relevant laws, regulations, and industry standards (e.g., DPA 2012, GDPR, PCI-DSS).
• Conduct risk assessments and provide recommendations to mitigate identified risks.
• Maintain documentation for compliance audits and assessments.

Collaboration and Communication:

• Work closely with IT and other business units to ensure security measures are integrated into all aspects of the organization's operations.
• Communicate security issues and recommendations to senior management and stakeholders.

Security Management and Implementation:

• Plan, implement, manage, monitor, and upgrade security measures for the protection of the organization's data, systems, and networks.
• Ensuring that the organization's data and infrastructure are protected by enabling the appropriate security controls.
• Participating in the change management process.

Qualifications

• Bachelor's degree in Computer Science, Information Technology, Cybersecurity or a technology-related field.
• Relevant certifications (e.g. CompTIA Security+, CEH) is a plus.
• A minimum of two (2) years of experience in Information Security.
• Familiarity with security tools and technologies such as firewalls, IDS/IPS, SIEM, and antivirus software.
• Basic understanding of risk assessment methodologies and mitigation strategies.
• Knowledge of network security, application security, and data protection principles.
• Strong analytical and problem-solving skills. This is applicable in Security Analytics (SIEM) and User Entity Behavior Analysis.
• Excellent problem-solving and analytical skills.
• Detail-oriented with a proactive approach to identifying and addressing security risks.
• Ability to coordinate with different business units and stakeholders for incident response and remediation efforts.
• Ability to educate a non-technical audience about various information security program.
• Effective verbal and written communication skills.