1) Ensure implementation of and compliance with the organization's information security policies (ISO 27001), PCI DSS, and other security and privacy regulations and standards.
2) Facilitate external audits and customer audits, and actively project-manage the remediation of audit findings.
3) Serve as an internal information security consultant to the organization. Responsible for security planning and for effectively managing information security risks within the operating environment.
4) Define information security policies, standards and processes for the organization.
5) Implement, manage and report on adherence to information security policies & standards.
6) Conduct and review overall information security risk assessments and associated activities, including threat & vulnerability analysis and risk identification, and review/approve security plans.
7) Identify and report any gaps and issues in risk assessment, risk mitigation, control implementation, testing, monitoring and updating processes.