The Head of Cyber Security & IT Governance is responsible for leading and coordinating efforts to protect the organization's digital assets, ensuring compliance with regulatory requirements, and establishing effective IT governance practices. The role will report to the Director, Digital Technology & Innovation and work closely with the other Digital Heads of Units to explore, evaluate, improve and innovate in areas related to the role's functions.
Responsibilities:
- Developing Cybersecurity Strategy: The Cybersecurity Head is responsible for developing and implementing a comprehensive Cybersecurity strategy aligned with the organization's goals and objectives. This involves assessing the current state of Cybersecurity, identifying potential risks and vulnerabilities and designing plans to mitigate them.
- Risk Management: Identifying, assessing and prioritizing Cybersecurity risks to the organization's systems, networks and data. This includes conducting risk assessments, developing risk management strategies and ensuring compliance with relevant regulations and standards.
- Cybersecurity Architecture and Design: Overseeing the design, implementation and maintenance of the organization's Cybersecurity architecture, including networks, systems, applications and infrastructure. This involves selecting and deploying appropriate Cybersecurity technologies and controls to protect against cyber threats.
- Incident Response and Management: Developing and implementing incident response plans to effectively detect, respond to and recover from Cybersecurity incidents such as data breaches, malware infections and cyber-attacks. This includes coordinating response efforts, conducting post-incident analysis and implementing measures to prevent future incidents.
- Cybersecurity Awareness and Training: Educating employees and stakeholders about Cybersecurity best practices, policies and procedures to promote a culture of Cybersecurity awareness within the organization. This may involve conducting training sessions, cyber-attack simulations, creating educational materials, nurturing the Cyber Ambassadors and promoting Cybersecurity awareness campaigns.
- Compliance and Governance: Ensuring compliance with relevant Cybersecurity regulations, standards and frameworks applicable to the organization's industry and jurisdiction. This includes monitoring regulatory developments, conducting audits and maintaining documentation to demonstrate compliance.
- Vendor and Third-Party Risk Management: Assessing and managing Cybersecurity risks associated with third-party vendors, suppliers and partners who have access to the organization's systems or data. This involves conducting due diligence, establishing Cybersecurity requirements and monitoring vendor compliance.
- Cybersecurity Incident Reporting and Communication: Serving as the primary point of contact for Cybersecurity incidents and communicating with executive management, stakeholders, and external parties as necessary. This includes providing regular updates on the organization's Cybersecurity posture and incident response activities.
- Continuous Improvement: Continuously evaluating and improving the organization's Cybersecurity posture through proactive monitoring, threat intelligence analysis and Cybersecurity testing. This involves staying abreast of emerging threats and technologies to adapt Cybersecurity measures accordingly.
Qualifications:
- Bachelor's degree in Computer Science/Information Technology specializing in Information Technologies/Computer Sciences Studies/Business Studies or any equivalent work experience.
- At least 10 years of proven working experience in Cybersecurity & IT Governance.
- Minimum 7 years of hands-on work experience in IT Infrastructure & Enterprise Application technical competencies for on-premises and cloud environments (end-user computing, server & storage, cloud computing, web application, network and firewall, service desk) including relevant Cybersecurity & IT Governance
- Proven track record in implementing and managing a Zero Trust Framework, which includes Data Leakage Prevention, Zero Trust Network Access, Identity Access Management lifecycle, IT Managed Services, Equipment Leasing and Cybersecurity Awareness Programs.
- Strong hands-on experience in Cybersecurity investigation, containment, mitigation and remediation management, with the ability to triage, reproduce, recommend remediations and implement fixes for vulnerabilities or cyber-attacks.
- Experience in the technical aspects and management of User Directory Platform, Microsoft Office 365 Productivity Platform, Multi-Cloud Platform, Antivirus, Patch management, Web/Application/Database Cybersecurity, Cyber Insurance, Cyberdrill, Red Teaming Activity and vulnerability assessment.
- Experienced in supporting regulatory compliance (e.g. ISO 20000, ISO 27001, NIST, COBIT, CIS). Other relevant professional certifications, i.e. Azure/AWS/G Suite/Oracle Cloud, CISA, CISM, CISSP, CGEIT, would be an added advantage.