Roles

Responsibilities

Executive Leadership

Executive Leadership

• Approves Capital Expenditures for Information Security and Privacy programs and initiatives

• Oversight over the execution of the information security and Privacy risk management program and risk treatments

• Communication Path to ecoPortal Board of Directors

• Aligns Information Security and Privacy Policy and Posture based on ecoPortal’s mission, strategic objectives and risk appetite

IT

ManagerCTO

• Oversight over the implementation of information security controls for infrastructure and IT processes

• Responsible for the design, development, implementation, operation, maintenance and monitoring of IT security controls

• Ensures IT puts into practice the Information Security Framework

• Responsible for conducting IT risk assessments, documenting identified threats and maintaining risk register

• Communicates information security risks to executive leadership

• Reports information security risks annually to ecoPortal’s leadership and gains approvals to bring risks to acceptable levels

• Coordinates the development and maintenance of information security policies and standards

• Works with applicable executive leadership to establish an information security framework and awareness program

• Serve as liaison to the Board of Directors, Law Enforcement, Internal Audit and General Council

• Oversight over Identity Management and Access Control processes

VP Head of Engineering

• Oversight over information security in the software development process

• Responsible for the design, development, implementation, operation, maintenance and monitoring of development and commercial cloud hosting security controls

• Responsible for oversight over policy development related to systems and software under their control

• Responsible for implementing risk management in the development process aligned with company goals

Compliance Manager

• Responsible for compliance with the company’s contractual commitments

• Responsible for maintaining compliance with relevant data privacy and information security laws and regulations (e.g. GDPR, CCPA)

• Responsible for adherence to company adopted information security and data privacy standards and frameworks including SOC 2, ISO 27001 and Microsoft Supplier Data Protection Requirements (DPR) 

VP of Global Customer Support

• Oversight and implementation, operation and monitoring of information security tools and processes in customer production environments

• Execution of customer data retention and deletion processes in accordance with company policy and customer requirements

Systems Owners

• Maintain the confidentiality, integrity and availability of the information systems for which they are responsible in compliance with ecoPortal policies on information security and privacy

• Approval of technical access and change requests for non-standard access to systems under their control

ecoPortal Employees, Contractors, temporary workers, etc.

• Acting at all times in a manner which does not place at risk the health and safety of themselves, other person in the workplace, and the information and resources they have use of

• Helping to identify areas where risk management practices should be adopted

• Taking all practical steps to minimize ecoPortal’s exposure to contractual and regulatory liability

• Adhering to company policies and standards of conduct

• Reporting incidents and observed anomalies or weaknesses

Chief Human Resources Officer

• Ensuring employees and contractors are qualified and competent for their roles

• Ensuring appropriate testing and background checks are completed

• Ensuring that employees and relevant contractors are presented with company policies and the Code of Conduct (CoC)

• Ensuring that employee performance and adherence the CoC is periodically evaluated

• Ensuring that employees receive appropriate security training

COO

• Responsible for oversight over third-party risk management process

• Responsible for review of vendor service contracts