KEY ACCOUNTABILITIES & ACTIVITIES
This section describes the principal outputs required from the job.

Each key accountability is listed below, followed by its key activities.

Daily Operations
- Implement the day-to-day operations assigned to the Corporate Cyber Security Management Department / Section to ensure compliance with the established standards and procedures.
- Identify opportunities for continuous improvement of systems, processes and practices, taking into account international best practice, improvement of business processes, cost reduction and productivity improvement.
- Prepare the Corporate Cybersecurity Governance department's reports in a timely and accurate manner to meet company and department requirements, policies and standards.

Daily GRC Activities
- Own the procedures and controls that assure compliance with applicable regulatory and legal requirements as well as good business practice.
- Develop and implement effective and reasonable policies and practices to secure protected and sensitive data, and ensure information security and compliance with relevant legislation and its legal interpretation.
- Liaise with Internal Audit, Corporate Compliance and Risk Management to remediate new and outstanding issues, and track security-related issues within the Cyber Security Department.
- Oversee Elm's security policies, standards, guidelines and baselines, and ensure they are reviewed and updated regularly.
- Promote and monitor Elm's company-wide security awareness program.
- Work with Internal Audit and outside consultants, as appropriate, on required security assessments and audits.

Cyber Security GRC Management
- Lead the system-wide information security compliance program, ensuring that IT activities, processes and procedures meet the defined requirements, policies and regulations.
- Lead the development and implementation of the system-wide risk management function of the information security program, ensuring that information security risks are identified and monitored.
- Manage, coach, lead and develop a small team of GRC personnel.
- Maintain expertise on security trends through training, research and development in order to mitigate potential security exposures.
- Train other staff and external clients as necessary.

Cyber Security GRC Strategy & Planning
- Execute the strategy for handling the increasing number of audits, compliance checks and external assessment processes for internal and external auditors, PCI DSS and ISO/IEC 2700x.
- Establish and oversee a formal risk analysis and self-assessment program for the various Information Services systems and processes.
- Develop, promote and monitor the Elm Electronic Records Retention program, and work with business units to ensure data is properly classified.

Policies, Processes & Procedures
- Implement approved departmental policies, processes and procedures, provide instructions to subordinates and team members, and monitor their adherence so that work is carried out in a controlled manner.
- Comply with all relevant safety, quality and environmental management policies, procedures and controls to ensure a healthy and safe work environment.

Information Security
- Ensure compliance with all relevant information security practices and standards to protect data integrity and confidentiality.