Job Description
- Develop and maintain information technology and security policies and procedures and ensure that they are aligned to business requirements, information technology strategy, legal/regulatory requirements, and leading industry standard frameworks such as ITIL, COBIT, NIST, ISO 20000, and ISO 27001.
- Assist in liaising with ISO and HR to develop policies, procedures, and controls to ensure that they are aligned to the business requirements.
- Review and propose changes to existing policies and procedures to reflect existing business requirements and compliance with applicable regulations.
- Develop, publish, and maintain information security standards for all applicable technologies and information systems within the company, aligned with leading industry standards such as CIS and NIST.
- Collaborate with the H5 group to develop and maintain information technology and security processes and procedures.
- Review policy and technology standards exception/waiver requests and recommend an appropriate risk mitigation/acceptance approach aligned with the Enterprise Risk Management framework.
- Identify and report information technology and security policy, procedure, and standards-related metrics to demonstrate value to the IT Director.
- Interface with the information security awareness function and change management teams to foster awareness of company policies, procedures, and standards among Magnecomp staff.
- Interface with other departments to understand business requirements and the role of information systems in supporting business processes.
- Interface with the Risk, Certification, and Accreditation team and the Compliance teams to ensure necessary changes are reflected in policies to address the risks identified.
- Help foster effective teams committed to organizational goals, foster collaboration among team members and teams, and use teams to address relevant issues.