responsible for developing, implementing, and maintaining information security strategy and programmes. Key focus: lead the company’s efforts to achieve and maintain ISO 27001 and SOC 2 certifications: implement security controls and ensure optimal use of various security solutions

• Lead and manage the company’s ISO 27001 and SOC 2 certification initiatives.
• Develop, implement, and maintain appropriate information security management processes.
• Conduct risk assessments, gap analyses, and internal audits to identify and mitigate security risks.
• Define and enforce security policies, procedures, and controls aligned with industry best practices.
• Collaborate with external auditors, consultants, and internal stakeholders during certification and compliance processes.
• Monitor, investigate, and report on security incidents and vulnerabilities.
• Conduct scheduled vulnerability assessments (quarterly) and implement appropriate controls to eliminate and/or mitigate the risks associated with identified vulnerabilities.
• Test and deploy system patches and updates to address/prevent known vulnerabilities.
• Deliver security awareness training and promote a culture of security across the organization.
• Support business continuity and disaster recovery planning from a security perspective.
• Stay current with emerging threats, vulnerabilities, and regulatory changes.
• Any other related and reasonable duty assigned.

A.     REQUIRED EDUCATION, EXPERIENCE AND COMPETENCIES

Qualifications and Experience:

• Bachelor’s degree in Information Security, Computer Science, or a related field.
• Professional certifications such as CISSP, CISM, CISA, ISO 27001 Lead Implementer/ Auditor are highly desirable.
• Minimum of 3 years’ experience in information security, risk management, or IT compliance.
• Networking and/or System Administration knowledge.

Specific Knowledge/Competencies Required:

• Demonstrated experience in leading ISO 27001 and/or SOC 2 certification projects.
• Strong knowledge of security frameworks (e.g., NIST, COBIT, ISO/IEC 27000 series).
• Experience with security tools, monitoring systems, and incident response.
• Strategic thinking and risk-based decision-making.
• Strong analytical and problem-solving skills.
• Excellent written and verbal communication.
• Project management and organizational skills.
• Ability to work independently and collaboratively across departments.

1. B.     WORKING CONDITIONS

• Normal indoor working environment with island-wide and/or overseas travel (as required).
• Often required to work outside of normal hours to achieve deadlines and provide support.