chief ICT security officer

Analyse the operations and actions of a company in order to assess their repercussions, possible risks for the company, and to develop suitable strategies to address these.

Develop and implement procedures for identifying, assessing, treating and mitigating ICT risks, such as hacks or data leaks, according to the company's risk strategy, procedures and policies. Analyse and manage security risks and incidents. Recommend measures to improve digital security strategy.

Provide advice on security risk management policies and prevention strategies and their implementation, being aware of the different kinds of security risks a specific organisation faces.

Apply methods and techniques to identify potential security threats, security breaches and risk factors using ICT tools for surveying ICT systems, analysing risks, vulnerabilities and threats and evaluating contingency plans.

Define a comprehensive and proactive strategy for managing information and communication technology (ICT) security risks by establishing a set of measures and responsibilities to ensure the confidentiality, integrity and availability of information. Implement policies to prevent data breaches, detect and respond to unauthorised access to systems and resources, including up-to-date security applications and employee education.

Prepare, test and execute, when necessary, a plan of action to retrieve or compensate lost information system data.

Update methodology which contains steps to ensure that facilities of an organisation are able to continue operating, in case of broad range of unforeseen events.

Create company strategy related to the safety and security of information in order to maximise information integrity, availability and data privacy.

Design, apply, monitor and review an Information Security Management System (ISMS) that preserves the confidentiality, integrity and availability of information by applying a risk management process, and gives confidence to interested parties regarding the adequate management of such cybersecurity-related risks.

Design and implement business processes and technical solutions to guarantee data and information confidentiality in compliance with legal requirements, also considering public expectations and political issues of privacy.

Implement statements, assertions or rules that specify the appropriate use and protection of the ICT assets and systems from an organisation. These ICT security policies cover topics such as data classification, password management, access control and incident response.

Analyse the critical assets of a company and identify weaknesses and vulnerabilities that lead to intrusion or attack. Apply security detection techniques. Understand cyber attack techniques and implement effective countermeasures.

Guarantee compliance with established and applicable standards and legal requirements such as specifications, policies, standards or law for the goal that organisations aspire to achieve in their efforts.

Ensure you are properly informed of the legal regulations that govern a specific activity and adhere to its rules, policies and laws.

Keep up with new research, regulations, and other significant changes, labour market related or otherwise, occurring within the field of specialisation.

Survey and investigate recent trends and developments in technology. Observe and anticipate their evolution, according to current or future market and business conditions.

Facilitate communication between organisations and interested third parties such as suppliers, distributors, shareholders and other stakeholders in order to inform them of the organisation and its objectives.

Guarantee communication and cooperation with all the entities and teams in a given organisation, according to the company strategy.

Guide application and fulfilment of relevant industry standards, best practices and legal requirements for information security.