Information Security Officer

Orysys Limited   Colombo • Full-time

Job Description

We are seeking a dynamic professional to oversee and manage the organization's Information Security Management System (ISMS). This role involves leading the development, implementation, and continuous improvement of information security policies, frameworks, and strategies to ensure the comprehensive protection of the organization's information assets.

Key Responsibilities:

  • Establish and maintain a robust information security governance framework to support effective decision-making and accountability.
  • Develop and manage security policies, procedures, and controls in line with Group standards and regulatory requirements.
  • Implement the organization's information security strategy and roadmap, aligned with Group priorities.
  • Ensure compliance with applicable laws, regulations, and internal security standards.
  • Lead risk management, security assessments, audits, and remediation activities.
  • Oversee incident management and response, ensuring timely detection, escalation, and resolution.
  • Monitor threats and maintain security dashboards to track the organization's security posture.
  • Drive security awareness and training initiatives across the organization.
  • Provide regular reporting and escalation on security risks, incidents, and control effectiveness.
  • Collaborate with the relevant team to ensure consistent security practices across the organization.

Qualifications:

  • Bachelor's degree in Information Security, Computer Science, IT, or related field (specialization in Information Security preferred).
  • Minimum 06 years of experience in information security governance or related domains.
  • Professional certifications such as CISSP, CISM, or equivalent are highly desirable.
  • Proven experience in information security, cyber risk management, and regulatory compliance.
  • Strong understanding of local regulations and information security frameworks/standards.
  • Ability to operate with independence and authority to enforce security controls and compliance.
  • Excellent leadership, communication, and stakeholder management skills.
  • Ability to maintain objective oversight, independent of operational IT functions.