Implement and support the data protection security, resilience, and risk management requirements of AIR Global data, applications, IT systems, and on-premises and cloud infrastructure to ensure cybersecurity threats and risks are managed as per the AIR Global risk appetite.
- Support and implement comprehensive data security policies and procedures, with a focus on data classification and data loss prevention (DLP).
- Utilize tools such as Microsoft Purview and Forcepoint to monitor, classify, and protect sensitive data.
- Conduct regular risk assessments and vulnerability analyses to identify potential threats and implement mitigation strategies.
- Monitor and respond to security incidents and breaches, ensuring timely resolution and documentation.
- Collaborate with IT and other departments to ensure compliance with security standards and regulations.
- Design and execute security training programs for employees to promote awareness and best practices in data security and risk management.
- Stay updated with the latest security trends, technologies, and regulatory requirements.
- Prepare detailed reports on security incidents, risk assessments, and compliance audits.
- Manage and maintain security tools and technologies, such as data firewalls, intrusion detection systems, and encryption software.
- Conduct risk assessments to identify and evaluate IT risks across the organization.
- Develop and implement risk management strategies and controls to mitigate identified risks.
- Perform regular audits and reviews of IT systems, processes, and controls to ensure compliance with internal policies and external regulations.
- Collaborate with IT and other departments to develop and maintain IT risk management frameworks and policies.
- Monitor and report on the effectiveness of risk management and assurance activities.
- Stay updated with the latest IT security trends, threats, and regulatory requirements.
- Provide recommendations for improving IT risk management and assurance processes.
- Assist in the development and delivery of training programs on IT risk management and assurance.
- Prepare detailed reports on risk assessments, audit findings, and compliance status.
- Documentation and Reporting: Document all steps taken during the risk assessment process and create reports summarizing the identified risks, mitigation strategies, and the overall risk landscape for stakeholders.
Qualification:
- Microsoft Certified: Azure Security Engineer Associate
- Microsoft Certified: Identity and Access
- Certified Forcepoint DLP Administrator
- Microsoft Certified: Information Protection and Compliance Administrator Associate
- ISACA IT Risk Fundamentals
Experience:
- 3 to 4 years of experience working in medium to large organizations as a data security or information security and assurance admin. Demonstrated strong technical and security expertise in implementing and managing data security and IT risk management controls, including Microsoft Purview, Forcepoint, email security, XDR and cloud environments (Azure & AWS).
- Understanding of information security principles and standards (NIST, ISO27001 & 2, CIA)
- Minimum of 3-5 years of experience in IT risk management and data classification.
- Demonstrated experience in conducting risk assessments and implementing risk mitigation strategies.
- Hands-on experience with data classification tools and methodologies.
- Proficiency in using DLP tools such as Microsoft Purview and Forcepoint.
- Experience in developing and delivering security training programs.
- Familiarity with security frameworks and standards (e.g., ISO 27001, NIST
- Strong understanding of the changing threat landscape and how this may affect our systems
- The ability to challenge concerns and report through appropriate channels
- Self-drive, motivation and the ability to work independently to deliver expected outcomes
- In-depth understanding of data and security risks in a medium to large enterprise
- Strong analytical and report writing skills