The core purpose of the role is to establish and maintain a framework that provides assurance that information security and strategies are aligned with and support business objectives, are consistent with applicable laws and regulations through the adherence to policies and internal controls and provide assignment of responsibilities, all in an effort to manage risk. The role also includes ensuring compliance with all the relevant privacy regulations, coordinating IT audits and playing a key supporting role in disaster recovery planning and testing.