Maintain an enterprise-wide information security governance & ISMS framework that

aligns with business objectives, regulatory requirements, and industry best practices.

Develop, maintain, and enforce security policies, standards, and procedures.

Lead strategic planning initiatives for security risk management, ensuring alignment

with ISO 27001 requirements.

Design, implement, and manage a security risk management framework that includes

risk assessments, control evaluations, and mitigation strategies.

Oversee and continuously improve the processes for vendor security risk assessments,

ensuring third-party risks are effectively managed.

Develop and monitor key risk indicators (KRIs) and performance metrics to evaluate the

effectiveness of security controls and risk mitigation efforts.

Oversee the development, implementation, and ongoing management of the

organization s security policies.

Prepare and lead the organization s readiness for external and internal security audits,

including ISO 27001 certification audits.

Build and run security awareness and phishing simulation programs and promote an

organization-wide culture of security accountability.

Ensure ongoing compliance with local regulatory frameworks, including those issued by

CBE, FRA, and related bodies.