In pursuit of a challenging career in an organization which offers a dynamic career and excellent working conditions that enable me to utilize my skills and to exploit imminent technologies.
• Managing the information security awareness program AKU-wide.
• Prepare, assess and enforce information security policies, standards, guidelines and procedures to ensure ongoing maintenance of security for all campuses.
• Review of audit logs, risk assessments, vulnerability assessments, gap analysis etc. to identify security vulnerabilities and weaknesses AKU-wide.
• Recommendation and evaluation of new information security technologies and practices along with improvements in the existent architecture and infrastructure as per the globally approved laws and standards.
• Managing and driving remediation efforts coming from areas including but not limited to internal and external audits.
• Responsible for information security incident management AKU-wide including ensuring information security events, weaknesses, threats and incidents associated with information systems and networks are communicated for timely response along with giving recommendations.
• Responsible for adherence to Information Regulatory Compliance (Globally) and compliance with information security policies and standards.
• Evaluate and recommend new global information security technologies.
• Evaluate and recommend countermeasures against threats to information or privacy globally.
• Work with other departments and vendors to supervise the incorporation of AKU-wide information security requirements into the rollout of new systems.
The key job responsibilities for this position are to:
1. Penetration testing and ethical hacking to find vulnerabilities in infrastructure. Ensure the security of critical systems (e.g., e-mail servers, database servers, web servers, cloud infrastructure, network infrastructure, etc.) in coordination with relevant team leads.
2. Ensure and manage the implementation of the Information Security Management System using ISO/IEC 27001:2005, in particular Information Systems security.
3. Develop and ensure the compliance of all the applicable policies, procedures and controls of Information Security Management System.
4. Identify and assess the risk associated with current and new information assets, information systems, new/modified business processes.
5. Perform risk assessment of information systems, information assets and suggest areas of improvement.
6. Facilitate all the departments in the development, maintenance and testing of Business Continuity and Disaster Recovery Plans.
7. Perform vulnerability assessment.
8. Conduct the quarterly Information Security Audit and serve as a member of the Information Security Forum.
9. Track and manage Information Security incidents and lead their investigation.
10. Responsible for automating and implementing Information Security tool(s) or application(s) independently or with the team.
11. Develop policies, procedures, templates and other relevant information security management system documentation.
12. Act as Management’s representative in external/third party audits.
13. Implementation of the PCI-DSS standard within the organization.