1 To assess the likelihood that the identified risks could materialize, and their impact.
2 To design and implement processes by which identified risks can be managed and mitigated.
3 To provide solutions on how to reduce the incidence of the identified risks materializing.
4 To set up effective risk management and control processes.
5 To provide assurance that the processes and key risks are being effectively managed.
6 To continuously develop policies and procedures on risk and control.
7 To quantify the cost of operating particular controls relative to the benefits obtained in managing the related risks.
8 To explore strategies to be adopted to reduce the incidence and impact on MPA of those risks that do materialize.
9 To monitor the IT system and ensure that the software implemented is reliable and provides relevant information to Management for good decision making.

Information Security Officer Duties

10 To coordinate the development of MPA information security policies, standards and procedures
11 To work with key IT office, data custodians and governance groups in the development of such policies, standards and procedures
12 To ensure that MPA's policies support compliance with external requirements
13 To oversee the dissemination of policies, standards and procedures.
14 To coordinate the development and delivery of an education and training programme on information security and privacy matters for employees and other authorized users.
15 To serve as MPA compliance officer with respect to information security policies and regulations.
16 To develop and implement an Incident Reporting and Response System to address security incidents (breaches) and to respond to alleged policy violations or complaints from external parties
17 To serve as the official contact point for information security, privacy and copyright infringement incidents, including relationships with law enforcement entities
18 To develop and implement an ongoing risk assessment program targeting information security and privacy matters
19 To recommend methods for vulnerability detection and remediation
20 To oversee vulnerability testing
21 To represent MPA on Information Security matters
22 To keep abreast of the latest security and privacy legislation, regulations, advisories, alerts and vulnerabilities pertaining to the MPA and its mission
23 To participate actively in MPA Disaster Recovery Planning
24 To ensure that staff of the department are properly trained
25 To assist in the implementation of a performance management system
26 To be fully responsible and accountable for the successful implementation of projects falling under the purview of the department, and more specifically with respect to:
   (i) timely completion of project;
   (ii) adequacy in the fulfillment of the terms of contract;
   (iii) monitoring and reviewing of Contractors' Performance and Compliance;
   (iv) periodic reporting, with particular attention to identifying and addressing, in a timely and appropriate manner, any sub-standard performance or deviation;
   (v) monitoring of budget and actual costs of project and reporting of any variation.
27 To coach, guide and mentor all staff in his/her department
28 To play an active role in promoting safety and security at the MPA
29 To adhere to and promote MPA's corporate values
30 To contribute to the enhancement of the Port Environment