Page Properties

Version

1.0

Owner

Head of EngineeringCTO

Last Updated On

Last Updated by

Bruno Belizario

Approved by

Sean Oldfield

Last Review

Statement of Policy

ecoPortal is committed to conducting business in compliance with all applicable laws, regulations, and company policies. ecoPortal has adopted this policy to outline the security measures required to protect electronic information systems and related equipment from unauthorized use.

...

Roles and Responsibilities

Roles

Responsibilities

Executive Leadership

  • Approves Capital Expenditures for Information Security and Privacy programs and initiatives

  • Oversight over the execution of the information security and Privacy risk management program and risk treatments

  • Communication Path to ecoPortal Board of Directors

  • Aligns Information Security and Privacy Policy and Posture based on ecoPortal’s mission, strategic objectives and risk appetite

CTO

  • Oversight over the implementation of information security controls for infrastructure and IT processes

  • Responsible for the design, development, implementation, operation, maintenance and monitoring of IT security controls

  • Ensures IT puts into practice the Information Security Framework

  • Responsible for conducting IT risk assessments, documenting identified threats and maintaining the risk register

  • Communicates information security risks to executive leadership

  • Reports information security risks annually to ecoPortal’s leadership and gains approvals to bring risks to acceptable levels

  • Coordinates the development and maintenance of information security policies and standards

  • Works with applicable executive leadership to establish an information security framework and awareness program

  • Serves as liaison to the Board of Directors, Law Enforcement, Internal Audit and General Counsel

  • Oversight over Identity Management and Access Control processes

Head of Engineering

  • Oversight over information security in the software development process

  • Responsible for the design, development, implementation, operation, maintenance and monitoring of development and commercial cloud hosting security controls

  • Responsible for oversight over policy development related to systems and software under their control

  • Responsible for implementing risk management in the development process aligned with company goals

ecoPortal Employees, Contractors, temporary workers, etc.

  • Acting at all times in a manner which does not place at risk the health and safety of themselves, other persons in the workplace, and the information and resources they have use of

  • Helping to identify areas where risk management practices should be adopted

  • Taking all practical steps to minimize ecoPortal’s exposure to contractual and regulatory liability

  • Adhering to company policies and standards of conduct

  • Reporting incidents and observed anomalies or weaknesses

Chief Human Resources Officer

  • Ensuring employees and contractors are qualified and competent for their roles

  • Ensuring appropriate testing and background checks are completed

  • Ensuring that employees and relevant contractors are presented with company policies and the Code of Conduct (CoC)

  • Ensuring that employee performance and adherence to the CoC is periodically evaluated

  • Ensuring that employees receive appropriate security training

COO

  • Responsible for oversight over the third-party risk management process

  • Responsible for review of vendor service contracts

Policy Compliance

The CTO will measure compliance with this policy through various methods, including, but not limited to, reports, internal/external audits, and feedback to the policy owner. Exceptions to the policy must be approved by the CTO in advance. Non-compliance will be addressed with management and Human Resources and can result in disciplinary action in accordance with company procedures, up to and including termination of employment.