Cyber And Data Breach Incident Management

N/A

N/A

• Develop incident management procedures and synthesise incident-related analyses to distil key insights, resolve incidents and establish mitigating and preventive solutions.
• Apply and maintain specific security controls as required by organisational policy and local risk assessments.
• Communicate security risks and issues to business managers and others.
• Perform basic risk assessments for small information systems.
• Contribute to the identification of risks that arise from potential technical solution architectures.
• Suggest alternate solutions or countermeasures to mitigate risks.
• Define secure systems configurations in compliance with intended architectures.
• Support investigation of suspected attacks and security breaches.

• Provide guidance on the application and operation of elementary physical, procedural and technical security controls.
• Explain the purpose of security controls and perform security risk and business impact analysis for medium complexity information systems.
• Identify risks that arise from potential technical solution architectures.
• Design alternate solutions or countermeasures and ensure identified risks are mitigated.
• Investigate suspected attacks and support security incident management.
• Formulate incident response strategies and direct teams in the remediation, resolution, communication and post-mortem of large- scale, unpredictable cyber and data incidents.
• Develop and communicate corporate information security policy, standards and guidelines.
• Ensure architectural principles are applied during design to reduce risk.
• Drive adoption and adherence to policy, standards and guidelines.
• Provide advice and guidance on security strategies to manage identified risks and ensure adoption and adherence to standards.
• Contribute to development of information security policy, standards and guidelines.
• Obtain and act on vulnerability information and conduct security risk assessments, business impact analysis and accreditation on complex information systems.
• Investigate major breaches of security, and recommend appropriate control improvements.
• Develop new architectures that mitigate the risks posed by new technologies and business practices.

• Direct the development, implementation, delivery and support of an enterprise information security strategy aligned with the business strategy.
• Ensure compliance between business strategies and information security.
• Lead the provision of information security expertise, guidance and systems needed to execute strategic and operational plans.
• Secure organisational resources to execute the information security strategy.
• Contribute to the development of organisational strategies that address information control requirements.
• Identify and monitor environmental and market trends and proactively assess impact on business strategies, benefits and risks.
• Lead the provision of authoritative advice and guidance on the requirements for security controls in collaboration with subject matter experts.
• Drive cross-collaboration efforts to co-develop strategies to manage cyber and data incidents on an industry, national or international scale.