Job Description

You will be a member of the SIA Group Information Security team reporting to the CISO. You will support CISO in developing, implementing, and maintaining a comprehensive information security program encompassing Governance, Risk and Compliance for our organization.

Lead lean and agile team supplemented with AI and automation. Opportunity to gain exposure and adopt AI LLM to drive positive cybersecurity outcomes and achieve higher level of cyber resilience.

Key Responsibilities

1. Strategy and Planning

• Assist the CISO in developing and executing the organization's information security strategy and roadmap
• Support and improve regular executive cyber reporting (metrics and maturity level) to management and board

2. Policy Framework Lifecyle Management

• Manage info security policy framework consisting of policies, standards, and guidance
• Establish lifecycle management of policies to ensure regular reviews and improvements are made to ensure organizational agility and relevance
• Engage stakeholders in lifecycle management including Management and Subject Matter Experts in development and maintenance of content
• Monitor and include applicable regulatory security requirements
• Ensure alignment of wider Group to Policy and Standards

3. Group Cyber Resilience Initiatives

• Develop unified cybersecurity resilience framework for wider Group
• Drive and coordinate Group wide cyber resilience initiatives in collaboration with cyber operations and architecture teams
• Manage third party cybersecurity maturity assessments across Group
• Regular reporting of status of Group wide adoption of cyber capabilities and maturity level
• Facilitate regular Group meetings to align on strategic initiatives, share best practices and address challenges

4. Risk Management

• Modernize and maintain information security risk management framework including asset criticality assessment, risk identification, mitigation and monitoring
• Establish key cyber risk indicators (KRIs) and metrics to continuously monitor and report on the organization's security risk posture
• Manage third party cyber risk management framework and reporting of third-party cyber risks
• Align and interface with Enterprise Risk Management framework

5. User-Centric Training and Awareness

• Lead comprehensive infosec awareness program across enterprise
• Conduct and report on regular phishing exercises and improve users' ability to recognize threats
• Develop and conduct role specific training for different departments and seniority
• Create and maintain an engaging campaign using gamification and various media channels
• Organize and participate in user outreach activities such as company events

6. Project Governance and Oversight

• Work with infosec project owners to ensure on-time delivery of cyber capabilities and regular reporting of milestones and KPIs
• Govern internal team compliance to applicable corporate policies (IT, HR, Finance and procurement)
• Support allocation and monitoring of budget utilization by project owners and wider team
• Conduct and coordinate control self-assessments

7. Cyber Security Maturity Assessment (CSMA)

• Manage Cybersecurity Maturity Assessment Program
• Evaluate and select third party provider to conduct CSMA across Group
• Manage provider and Group to prioritize and validate findings and recommendations
• Ensure timely and accurate assessments, and executive reporting

Requirements

• Degree in IT or related fields, with at least 10 years relevant information security working experience in leading cross functional enterprise initiatives
• Experience with Governance, Risk and Compliance (GRC) activities and support CISO initiatives
• Experience in modern security technologies and practices on diverse environments such as on prem, cloud IaaS, PaaS and SaaS
• Experience with using AI LLM and automation to support work an advantage
• Work extensively across multiple stakeholders of different functional teams at different seniority levels
• Strong oral, written, presentation and inter-personal skill
• Possess positive attitude with drive, initiative, enthusiasm, and a keen sense of urgency in resolving high-priority issues and high-velocity changes
• Able to work independently and in a team-oriented, collaborative environment.
• Professional security certifications (CISSP, SANS) preferred