• Serve as a technical subject matter expert throughout the implementation and maintenance of security infrastructure and solutions; define and oversee the documentation of detailed standards (e.g., guidelines, processes, procedures)
• Oversee the modernization of cybersecurity architecture and recommend best practices.
• Analyze and correlate information security events to identify appropriate mitigation strategies.
• Assess the effectiveness of the information security measures against the organizational KPI/KRIs.
• Execute IT Risk assessment activities for identification, assessment, mitigation, and monitoring of risks.
• Collaborate with other Head of Departments for timely identification and management of risks.
• Standardize and Enforce Cybersecurity Policies, Baselines, and Standards.
• Establish a standard methodology for performing security tests in accordance with Etisalat Afghanistan’s security requirements.
• Advanced understanding of ISO 27001 and NIST Framework Required for assessment and implementation of security controls.
• Establish procedures and processes, tools, and technologies to continuously monitor the activities and behaviors of systems in the network.
• Develop and implement audit activities to provide oversight of internal compliance with information security policies and procedures and make recommendations to effect change when necessary.
• Analyze reports generated by the monitoring system to identify trends that might indicate a future risk.
• Provide oversight of third-party vendors to ensure compliance with information security standards and requirements.
• Review agreements and contracts for alignment and enforcement of information security requirements.
• Work closely with other teams to ensure proper execution, alignment, and effectiveness of security initiatives.
• Identify threats and risks that are relevant to the organization’s operations, systems, and strategic activities.
• Monitor the effectiveness of action plans in addressing information risks.
• Prepare information security performance reports based on results from analysis and correlation of information security events and incidents.
• Recommend suitable enhancements to improve information security KPIs and KRIs.
• Review business and security environment to identify existing security requirements.
• Review security policies, standards, and procedures by considering the threats identified and other information collected.
• Test incident response plans periodically to ensure response times and executed procedures are acceptable.
• Plan and Execute a Cybersecurity awareness program.
• Design, build, and maintain a robust and leading security infrastructure.