Responsibilities:
- Drive the development of policies, controls, standards and procedures that incorporate all applicable legislative requirements, industry standards and best practices. Consult on the implementation where necessary
- Monitor information security trends and changes in the threat landscape. Keep senior management and relevant stakeholders informed. Propose projects/change activities to address control gaps
- Deliver compliance and governance reporting, including developing and maintaining key risk and performance indicators
- Work with senior stakeholders to maintain an information security management system (ISMS) and develop an information security strategy
- Drive alignment, integration and consistency of security management across the Group. Identify and escalate significant variances
- Support the delivery of security risk assessments and 2nd line compliance assurance programmes. Manage security risk register/enterprise security risk profile
- Support the resolution of cyber security audit actions
- Support investigation of security breaches and pursue associated forensic analysis, disciplinary and legal matters
- Support security governance committee meetings. Prepare management reports, consultative papers and presentation materials
- Liaise with key stakeholders in information technology regarding information security initiatives
- Provide guidance, awareness training and advocacy of information security and data privacy across the group
- Develop relationships with industry partners, law enforcement, regulators and other related government agencies
Requirements:
- An intelligent, articulate, consensus-building, persuasive individual with highly effective communication skills for delivering information security/data privacy messages to a broad range of technical and non-technical audiences
- University degree in business, technology, information security, computer science or related fields of study
- Over 14 years of security experience, including at least 6 years of Senior Management experience or above gained from multinational financial institutions or consulting organizations
- Project management experience and literacy in IT risk management, IT risk auditing and/or compliance
- Strong knowledge of the IT environment and security-related controls from both a tactical and strategic viewpoint
- CISSP or other security certification/accreditation preferable
- Knowledge of regulatory developments and supervisory practices
- Knowledge of NIST Cyber Security Framework (CSF) and/or Identity & Access Management (IAM) technologies and processes advantageous but essential