Senior Information Security Officer(Please kindly note that this role is ONLY open to Brisbane based candidates who possess valid working rights, ideally citizenship or long term visa).JOIN A LEADING GLOBAL GROUP POWERED BY AMBITIOUS PEOPLE WHO ARE TRULY PASSIONATE ABOUT DELIVERING THE BEST IN EVERYTHING THEY DO 🌍Key Responsibilities
- Contribute to the management and maintenance of PCCW Global's Information Security Management System (ISMS) in accordance with the ISO 27001 standard.
- Develop and maintain Information Security risk management policies, processes and procedures to support ISMS implementation and improvement.
- Identify, assess, and monitor Information Security risks, threats and vulnerabilities.
- Gather and analyse risk data to produce risk reports.
- Undertake Information Security risk assessments and maintain and update the Risk Register.
- Undertake Information Security control assessments to ensure controls are effectively managing risks and meeting applicable compliance obligations.
- Provide risk management guidance and support to other Information Security Officers as required
- Produce and present Information Security measurements and metrics.
- Conduct compliance audits, including internal audits, across a range of Information Security controls that support the certification requirements of ISO 27001.
- Facilitate and coordinate external compliance audits and ensure that audit findings are actioned as required.
- At least 5 years' experience working in Information Security, audit and risk management.
- End-to-end ISMS implementation experience.
- Familiarity with key frameworks e.g. ISO 27001, PCI-DSS, NIST.
- Industry certifications such as CISA, CISM, CISSP, CRISC are beneficial but not essential.
- Experience running workshops, demonstrations and training.
- Proven ability to interact with technical and business stakeholders.
- Breadth and depth of knowledge in a range of technologies, security concepts and best practices.
- Highly developed communication and organisational skills.
- Experience with networking, software development or cloud platforms will be highly regarded.