Information Security Manager
- To provide leadership and guidance on managing the risks to the confidentiality, integrity and availability of Company’s intellectual property and information technology assets.
- To align security with business goals.
- Provide independent assessments and advice on information security-related risks to management, the Board, GRCC, ITSC and functional heads of business.
- Main liaison point with the regulators on matters pertaining to information security.
- Implement, review and revise frameworks, policies and standards on information governance, risk management, and compliance.
- Review and ensure compliance with relevant regulatory frameworks, guidelines, circulars and memos from the regulators.
- Manage risks and non-compliance in accordance with Company products & services’ defined risk management methodologies, and within defined risk appetites.
- Work in close consultation with the Head of ISD (1st line function) and independent auditors (3rd line function) to identify key risk areas for mitigation or opportunities for improvement, and to derive value from IT initiatives and investments.
- Advocate information security awareness, good governance and good practices across all functional departments.
- Any other task assigned by management.
- To establish and maintain enterprise vision, strategy and program to ensure information assets and technologies are adequately protected.
- Provide strategic and tactical planning, development, evaluation and co-ordination of IT Security.
- Support the development and implementation of IT Security Architecture and Best Practices.
- To identify, develop, implement and maintain processes (standards and controls) across Company to reduce information and information technology risks.
- Oversee the QRadar risk register and work with business functions to ensure information security-related risks are updated and correctly tracked in accordance with defined methodologies.
- Provide an independent assessment on information security risks and mitigation strategies pertinent to projects, initiatives, operational processes, outsourcing arrangements and systems design/architecture.
- Work in close consultation with SPA counterparts to align Company’s risk management strategies pertaining to information security risks with the Group Strategy.
- Report to SEM information security governance committee on information security related matters pertaining to Company.
- The areas of responsibility include, but are not limited to:
- Cybersecurity, cyber risk and cyber intelligence – including keeping abreast of developing security threats and helping the Board understand potential security problems that might arise;
- Data loss and fraud prevention – making sure internal staff do not misuse or steal data;
- Identity and access management – ensuring only authorized people have access to restricted data and systems;
- Disaster Recovery and business continuity management;
- Data and information management:
- Information privacy;
- Information regulatory compliance;
- Information risk management;
- Information security;
- Information technology controls;
- Information security awareness program;
- Governance – making sure the above initiatives are executed and practiced, and ensuring corporate leadership understands their importance.
- To work cooperatively and foster teamwork, using effective communication and helping peers and subordinates to meet project and service expectations.
- Must have a minimum of 12 years of relevant work experience, including at least 5 years in a management role;
- A Degree in IT with a security focus.
- Well versed in security-centric technologies and industry compliance.
- Must possess at least one of the following certifications: CISSP, CISM or CEH.
- Skills/Knowledge required:
- Security architecture development
- Disaster recovery planning
- Network security and firewall management
- Identity management
- Crisis response and remediation
- Application and database security
- Data and information management (classification, retention, and destruction)
Interested candidates kindly send your updated CV to email@example.com.