Establish, maintain, monitor and improve the Information Security Management System (ISMS) by following ISO 27000 family, and also meet compliance requirements such as SOC2, HIPAA, GDPR, ISO 42001, WCMS (Workplace Condition Management System), etc.
Monitor security policies, processes and procedures to ensure compliance with Client’ security requirements and applicable government legal and regulations.
Develop best practices and security standards; implement security improvements by assessing current situations, evaluating trends and maintaining security controls.
Determine security violations and inefficiencies by conducting periodic security audits to identify potential vulnerabilities related to asset protection, ensure operational security controls are implemented and maintained properly.
Report non-conformity issues to the management and propose countermeasures for those issues to renovate the organization and operation of the Company in order to continuously improve the efficiency of business.
Evaluates security trends, evolvement of threats, vulnerabilities, and performs risk assessment and treatment plan; coordinate with related parties for consulting on remediation.
Develop and train employees for security awareness with best practices and company regulations/policies.
Develop and improve business continuity planning and disaster recovery procedures.
Perform other duties as assigned by higher level.