Senior Information Security and Business Continuity Officer

ESSENTIAL DUTIES

·      Develop, implement, and maintain the organization’s information security policies, standards, and guidelines to protect information assets;

·   Lead incident response efforts in the event of security breaches or disruptions, including investigation, remediation, and reporting;

·    Develop and maintain business continuity and disaster recovery plans to ensure that critical business functions continue in case of major disruptions;

·      Plan, coordinate and monitor implementation of business and disaster recovery exercises;

·    Ensure compliance with relevant regulations and standards such as ISO 27001, NIST and other applicable standards. Lead exercises to assess the organization’s information security posture;

·   Provide training to staff and stakeholders on information security best practices and business continuity procedures;

·    Manage and evaluate third-party security risks, ensuring that external partners comply with organizational security standards;

·     Continuously evaluate and improve the effectiveness of the organization’s information security and business continuity strategies to adapt to emerging threats and technologies;

·  Regularly report on the status of information security and business continuity initiatives to senior management, including key metrics, incidents, and improvement plans;

·      Organize and lead regular Security & Resilience Committee meetings;

·  Conduct regular risk assessments to identify and evaluate potential threats and vulnerabilities, and recommend mitigation strategies;

·      Monitor Data Loss Prevention (DLP) signals and manage DLP incidents;

·      Coordinate with key stakeholders in conducting annual Business Impact Analyses.

EDUCATION & EXPERIENCE              

·      A bachelor’s degree in Information Security, Computer Science, Risk Management, or a related field. A master’s degree or relevant certifications (CISSP, CISM, CBCP, etc.) are preferred.

·      Minimum of 5 years of experience in information security, IT risk management, business continuity plannig or related field in financial, telecom or other regulated industry. Having managerial experience is preferred.

LANGUAGE SKILLS

·      Proficiency in written and verbal Azerbaijani and English communication is required.

COMPUTER SKILLS                                       

·      Proficiency in security software tools (firewalls, SIEM systems, endpoint protection, etc.);

·      Knowledge of cloud security models, infrastructure protection, encryption, and cybersecurity threat intelligence platforms;

·      Hands-on experience with governance, risk, and compliance (GRC) tools, as well as business continuity planning software;

·      Proficient in Microsoft Office Suite (Word, Excel, PowerPoint, Outlook) for reporting and presentations.

QUALIFICATIONS

·      Extensive experience in information security and business continuity management;

·      Proven experience leading incident response and risk management initiatives;

·      Strong understanding of regulatory compliance requirements, as well industry standards, including ISO 27001, NIST, and others;

·      Ability to assess security vulnerabilities and recommend strategic mitigation measures.