Information Security Officer

Responsibilities:

- Formulating the Cyber Security Policy according to AIX’s risk management process;

- Implementation of ISO27002/27032 (Certification dated August, 2019), and meet on-going ISO27002/27032 requirements.

- Outlining a cyber security work plan based on the Cyber Security Policy;

- Implementing a cyber security work plan together with relevant company officers;

- Ongoing analysis and assessment of the cyber security plan and policy according to AIX’s needs, threats and responses, as well as its preparation for dealing with cyber events;

- Ongoing professional management and guidance in the areas of cyber security in AIX;

- Controlling the implementation and management of cyber security in the broad organizational context and according to the policy;

- Initiating and managing management reviews;

- Formulating and approving AIX’s cyber security procedures;

- Updating the policy document and cyber security procedures in AIX;

- Helping information owners determine the level of information sensitivity that will dictate the level of security required;

- Coordinating security activities between relevant company officers;

- Raising employee awareness of cyber security issues;

- Involvement in projects and purchasing of products and services, whose acquisition has cyber security implications for AIX, with responsibility for assimilating and implementing cyber security mechanisms;

- Involvement in reception tests, as well as the deployment and assimilation stage of new ICT systems;

- Manage response and recovery process (determine containment ability while examining procedures and methods for addressing damage scenarios);

- Vendor Management (procurement, finance budget, etc.);

- IT Assessment of all new brokers for onboarding;

- Manage and support security control.

Requirements:

- Higher education (Computer Science, Information Technology)

- ISO 27001, CISSP, CISM certificates would be plus

- Experience in Cloud security, information security management system, risk assessment, etc.