The ISM Coordinator (DSS Standard Tech) is responsible for coordinating and managing the organization’s Information Security Management (ISM) processes. This includes overseeing IT security protocols, conducting risk assessments, and ensuring that security measures meet DSS (Data Security Standard) compliance. The role requires a balance of technical expertise, compliance management, and communication skills to handle security-related issues, working with both internal teams and external partners. The coordinator will play a key role in ensuring the company’s IT infrastructure is secure and aligned with industry standards.
Key Responsibilities:
- Information Security Compliance: Ensure that the organization’s IT infrastructure meets all applicable Data Security Standards (DSS) and other regulatory compliance requirements (e.g., PCI DSS).
- Risk Management: Conduct security risk assessments, identify vulnerabilities, and implement mitigation strategies.
- Incident Management: Respond to and manage security incidents, including analyzing incidents, reporting on them, and coordinating resolutions with relevant teams.
- Security Audits: Coordinate internal and external security audits, ensuring that all necessary documentation and controls are in place.
- Policy and Procedure Development: Assist in developing and maintaining security policies, procedures, and best practices in line with DSS standards.
- User Awareness and Training: Provide training and awareness programs for employees on information security protocols and best practices.
- Security Tools Management: Manage and maintain security tools, such as firewalls, antivirus software, and intrusion detection systems (IDS).
- Collaboration with IT Teams: Work closely with IT teams to ensure the security of hardware, software, and network systems.
- Vendor Management: Liaise with external vendors to ensure compliance with security standards and manage security-related contracts.
- Documentation: Ensure accurate documentation of security incidents, controls, processes, and configurations.
- Continuous Monitoring: Conduct regular security monitoring, vulnerability scanning, and system updates to proactively address potential security risks.
Required Skills:
- Security Standards Knowledge: Strong understanding of security standards like DSS (e.g., PCI DSS) and familiarity with other frameworks such as ISO/IEC 27001.
- Technical Expertise: Proficiency in security technologies including firewalls, intrusion detection/prevention systems, endpoint security, and encryption tools.
- Networking: Understanding of networking concepts (TCP/IP, DNS, VPNs, LAN/WAN) and their impact on security.
- Risk Assessment: Experience conducting security risk assessments and vulnerability analysis.
- Incident Response: Familiarity with incident response protocols and security event management.
- Documentation: Excellent documentation skills for policies, procedures, and incident reports.
- Compliance Awareness: Knowledge of regulatory compliance requirements in relation to information security.
Qualifications:
- Bachelor’s degree in information security, Computer Science, Information Technology, or a related field (or equivalent work experience).
- 3+ years of experience in information security, risk management, or a related field.
- Relevant certifications are highly desirable, such as Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), or Certified Ethical Hacker (CEH).
- Experience with DSS (Data Security Standards), particularly PCI DSS, is preferred.
- Strong understanding of security risk management and mitigation strategies.