· Coordinate Security Steering Committee activities
· Develop and maintain Information Security Management System for Certification Authority including development of policies, and processes related to info sec based on standards.
· Develop a risk management framework
· Conduct periodic reviews/risk assessments to ensure risks are addresses to be in compliance with the internal/external auditors and regulatory requirements.
· Is responsible to maintain the inventory of all PKI assets along with IT Ops Team
· Maintain ISMS certification against int standards such as ISO 27001 or NIST CSF
· Develop and maintain a data classification program
· Maintain Certification Authority risk register
· Develop vulnerability assessment plan, coordinate vulnerability assessment, and penetration testing tasks, develop and present vulnerability assessment reports to Management.
· Manage security incident response within the Certification Authority.
· Develop and conduct security awareness programs and sessions.
· Develop and maintain Business Continuity mgmt program
· Prepare monthly reports on Certification Authority security status.
|