Security Governance & Risk Compliance
Develop and disseminate corporate security policies, frameworks and guidelines to ensure that day-to-day business operations guard against, and are well protected against, risks, threats and vulnerabilities
Type
Functional
Competency Area
Risk Management, Governance and Regulatory Compliance
Levels
Identify security risks in business operations proactively
Assess adherence of applications and infrastructure components to security standards and baselines
Identify lapses in organisational security standards or issues that may endanger information security and integrity
Develop specific action plans for different business units, based on corporate security policies, standards and guidelines
Evaluate technologies and tools that can address security gaps and facilitate alignment with security policies
Introduce security controls in line with corporate security policies and frameworks
Roll out security guidelines and protocols, ensuring understanding and compliance
Review adequacy of information security controls
Highlight areas for improvement and propose solutions
Evaluate security risks and establish corporate security policies and frameworks
Identify existing security risks, threats and vulnerabilities and analyse gaps in current organisational security policies
Develop corporate security policies based on the organisation's direction, to ensure business operations are well protected
Recommend improvements, updates or modifications to current security policies and practices, to address potential security gaps
Introduce suitable technologies, processes and tools to monitor, guide and maximise compliance with security policies
Drive communication of corporate security policies and implementation of security protocols
Establish internal processes to regularly review adequacy of information systems' security controls against set benchmarks
Anticipate potential security threats and emerging trends in security management
Set direction for the organisation's corporate security policies, frameworks and protocols, in line with business requirements and the external environment
Endorse proposals for updates or enhancements to corporate security policies
Establish benchmarks and targets against which information systems operations and processes are to be regularly reviewed