Chief Information Security Officer

Job Overview:

The appointment of the Chief Security Information Officers CISO who have familiarity with Cybersecurity Governance, Operations, Engineering and Testing in on-premises and major cloud platforms and their security features, will ensure security is well-considered and uplifted & digitalization transformation matters.

The incumbent will lead all aspects of info-comm security management by planning, refining, recommending and implementing strategies, policies, and globally accepted practices aligned with the regulatory requirements.

Responsibilities:

• Lead the formulation of cyber security strategies and work plan, policies, standards and guidelines, supporting digitalization planning and aligning with business strategic goals and policy baselines.
• Ensure the formulated security policies remain aligned with business security strategy goals with regular Gap analysis performed.
• Assist management in overseeing security matters, such as approving and tracking security work plan and resourcing, monitoring performance in security indicators and risk acceptance decisions.
• Govern the security posture by maintaining a full visibility of all systems (Assets) across different operating environments, the systems’ security design, implementation and operations through regular reviews.
• Implement Cybersecurity risk assessment and acceptance processes at the management level.
• Review, provide consultation and endorse risk management and mitigation plans from project teams.
• Provide advisory and consultancy on the appropriate cyber security solutions and technologies to be deployed suitable to business operations and aligned advisories and practices.
• Ensure secure development life cycle is complying to the security policies, and the security controls implementations are complying to the defined security policies, standards and guidelines.
• Design and implement end user security awareness programmes and establish defined processes for Threat and Incident Management.
• Plan, design and conduct security incident response workshops and exercises (table-top exercises, simulation and drills) and lead the investigation and management of security incidents.

Required Skills & Experience:

• Degree in Computer Science, Information Systems, Engineering, or a related technology-focused field
• Min 5 years of management experience in information security
• Ability to identify cybersecurity risks and threats specific to both on-premises and cloud environments, with the expertise to assess their impact and likelihood. This includes, but is not limited to, insider threats, vendor risks, data leakage, malware (including ransomware), account hijacking, and compliance-related risks.
• Proficient in evaluating the effectiveness of existing controls and recommending appropriate mitigation strategies for both on-premises and cloud cybersecurity and data security concerns.
• Strong understanding of compliance requirements and the ability to identify potential violations within on-premises or cloud environments.
• Certifications are encouraged to demonstrate continuous learning and mastery of best practices for this role, such as CISSP, CISM, or CISA certifications.

Should you be interested in this career opportunity, please send in your updated resume to [email protected] at the earliest.

When you apply, you voluntarily consent to the disclosure, collection and use of your personal data for employment/recruitment and related purposes in accordance with the SCIENTE Group Privacy Policy, a copy of which is published at SCIENTE’s website (https://www.sciente.com/privacy-policy).

Confidentiality is assured, and only shortlisted candidates will be notified for interviews.

EA Licence No. 07C5639