The ISM's job is composed of a variety of activities, including very tactical, operational activities in support of the ISM's program initiatives, grouped as follows:
➢ Information security program
➢ Security liaison
➢ Architecture/engineering support
➢ Operational tasks
Information security program
➢ Develop, customize for the specific area, obtain CISO approval for, implement and monitor the information security program to ensure that the integrity, confidentiality and availability of information meet business requirements. Track the program's implementation performance and provide regular reporting on the current status of the information security program to the manager and the CISO. Report to the CISO any deviations from the program implementation plan;
➢ Identify critical IT assets. Conduct periodic IT risk management activities in accordance with Softline’s global IT risk management methodology;
➢ Manage and improve the enterprise's information security organization via policies, procedures and standards, raising to the CISO any issues that are not properly addressed locally.
➢ Facilitate information security governance and management by making sure that Softline’s guiding documents in the area of information security are followed and that requests from the CISO are properly addressed locally, in a timely manner and with the expected result.
➢ Be the person responsible for information security certification and the maintenance of certificates (e.g. ISO 27kX, PCI DSS, etc.).
➢ Manage (develop, maintain and publish up-to-date) information security policies, standards and guidelines. Conduct training for employees based on information security policies and practices.
➢ Develop, obtain approval from the CISO and direct manager for, communicate and track the implementation performance of information security technical standards, for example in the areas of remote access and cloud security.
➢ Develop, obtain approval for and manage information security budgets. Monitor and report on them for variances.
➢ Meet KPIs defined by the manager and the CISO.
➢ Develop and enhance an information security management framework based on the National Information Assurance Policy.
Architecture/engineering support
➢ Liaise with the enterprise IT architecture team to ensure alignment between the security and IT architectures.
➢ Develop and agree the IT information security architecture. Make sure information security tools and controls meet business requirements.
➢ Liaise with IT management to align the existing technical installed base and skills with future architectural requirements.
➢ Recommend and coordinate the implementation of technical controls to support and enforce defined security policies.
➢ Research, evaluate, design, test, recommend or plan the implementation of new or updated information security tools or controls; provide technical and managerial expertise for the administration of security tools.
Security liaison
➢ Liaise between the information security team and the corporate compliance, audit, legal and HR management teams as required to minimize penalties and claims from governmental agencies. Ensure that security programs comply with relevant laws, regulations and policies to minimize or eliminate risk and audit findings.
➢ Liaise with external agencies, such as law enforcement and other advisory bodies, as necessary to ensure that the organization maintains a strong security posture.
➢ Assist resource owners and IT staff in understanding and responding to security audit failures reported by auditors.
Operational tasks
➢ Own and run information security controls for all domains in accordance with well-known standards (for example ISO 27kX, NIST, PCI DSS, etc.).
➢ Participate in external audits, information security assessments, penetration tests, etc.; make sure auditors gain a full understanding of the information security controls in place and provide relevant findings.
➢ Conduct the implementation of modern security tools.
➢ Improve user awareness.
➢ Manage BCP and DRP (plan development, testing, training).
➢ Conduct reviews of IT and non-IT projects to ensure that security is factored into the evaluation, selection, installation and configuration of solutions, hardware, software, applications and processes.
➢ Conduct information security incident management and reporting. Maintain the information security incident database. Ensure timely reporting of, and adequate participation in the investigation of, ICT security incidents, with Q-CERT and/or law enforcement agencies as applicable.
➢ Conduct internal audits and investigations in the area of IT and information security, including those that use specific tools: nmap, Rapid7, Qualys, MS ATA, MS ATP, antivirus software (e.g. MS Defender), Nessus, Wireshark, etc.
➢ Vulnerability management. Recommend treatment plans and communicate information about residual risk;
➢ Handle alerts from security tools like MS Defender online, Sentinel and the security alerting functions built into MS Azure;
➢ Maintain an information security knowledge base comprising a technical reference library, security advisories and alerts, information on security trends and practices, and laws and regulations.
➢ Monitor the external threat environment for emerging threats and advise the direct manager and the CISO on appropriate courses of action.
➢ Ensure that the necessary security tools are implemented in accordance with global projects and guidelines.