Chief Information Security Officer (CISO)

Responsibilities

• Information Security Manager and Coordinator of the Business Continuity Plan
• Develops the strategy and objectives in the field of information security, harmonized with the organization's strategy.
• Assesses and establishes the security domain and the management of information resources.
• Develops the planning of the information security management system based on the risk profile and risk appetite.
• Develops the governance elements of the information security management system.
• Carries out the monitoring and verifies the implementation of the action plan in the field of information security.
• Designs the organizational and procedural security measures necessary for addressing information security risks in accordance with the risk profile and risk appetite.
• Designs the security measures in operational processes in accordance with the risk profile and risk appetite.
• Establishes and verifies compliance with the management of access to resources and information.
• Ensures the integration of the information security requirements established at the organization's level into the contracts and activities of suppliers.
• Participates in the management of information security incidents with the aim of minimizing their impact on the business.
• Assesses the information security management system.
• Establishes the main level 1 and 2.1 controls and control indicators in the field of information security.
• Assesses the implementation and effectiveness of the level 1 and 2.1 control indicators in the field of information security.
• Advises the organization's management regarding the information security management system.
• Coordinates the Business Continuity Plan (BCP) and ensures its updating;
• Prepares the documentation for the meetings, participates in and drafts the Minutes of the Security Committee.
• Provides information and cooperates with specialized units when necessary (Legal, Compliance, Human Resources, etc.).
• Represents the organization within the CA Group regarding information security management.
• Represents the organization within professional or sectoral associations or before the relevant authorities regarding information security management.
• Ensures the correct reporting of data on losses caused by operational risks and their notification to the Operational Risks Service;
• Maintains permanent contact with the Anti-Fraud Service in order to ensure prompt reporting of any suspicions of fraud in the Department's area;