Deputy Chief Information Security Officer (CISO)

Job Summary

We are seeking a Deputy Chief Information Security Officer (CISO) to drive cybersecurity resilience, governance, operations, engineering, and testing across both on-premises and major cloud platforms. This role will ensure security is embedded and uplifted throughout the organization's digital transformation journey, with a strong focus on policy formulation, enforcement, and ecosystem development through close collaboration with internal and external teams.

Mandatory Skill-set

• Degree in Computer Science, Information Systems, Engineering, or a related technology-focused field;
• Must have at least 8 years of work experience in Information Security operations, policies and procedures;
• Must have strong understanding of communication networks and emerging (cloud) technologies;
• Must have knowledge of technology processes, security policies, standards, controls, and risk measurements;
• Proven record in identification, investigation and resolution of potential IT security risks, controls and process gaps;
• Knowledge or experience with Infrastructure as Code (IaC) tools like Terraform and Ansible;
• Ability to identify cybersecurity risks and threats specific to both on-premises and cloud environments, with the expertise to assess their impact and likelihood;
• Proficient in evaluating the effectiveness of existing controls and recommending appropriate mitigation strategies for both on-premises and cloud cybersecurity and data security concerns;
• Strong understanding of compliance requirements and the ability to identify potential violations within on-premises or cloud environments;
• Strong personality and yet personable to build and enrich relationships within the organization;
• Excellent communication, presentation, planning and organization skill.

Desired Skill-set

• Relevant certifications (CISSP, CISM, CISA, GSEC).

Responsibilities

• Responsible to design information security, protection and management framework, guidelines and best practices across on-premises and cloud environments;
• Lead the formulation of cyber security strategies and work plan, policies, standards and guidelines, supporting digitalization planning and aligning with business strategic goals and policy baselines;
• Ensure that security policies remain aligned with evolving business and cloud security strategies through regular gap analyses and cloud risk assessments;
• Assist management in overseeing security matters, such as approving and tracking security work plan and resourcing, monitoring performance in security indicators and risk acceptance decisions;
• Govern the security posture by maintaining a full visibility of all systems (Assets) across different operating environments, the systems’ security design, implementation and operations through regular reviews;
• Implement Cybersecurity risk assessment and acceptance processes at the management level;
• Review, provide consultation and endorse risk management and mitigation plans from project teams;
• Provide advisory and consultancy on the appropriate cyber security solutions and technologies to be deployed suitable to business operations and aligned advisories and practices;
• Ensure secure development life cycle is complying to the security policies, and the security controls implementations are complying to the defined security policies, standards and guidelines;
• Design and implement end user security awareness programmes and establish defined processes for Threat and Incident Management;
• Plan, design and conduct security incident response workshops and exercises (table-top exercises, simulation and drills) and lead the investigation and management of security incidents.

Should you be interested in this career opportunity, please send in your updated resume to [email protected] at the earliest.

When you apply, you voluntarily consent to the disclosure, collection and use of your personal data for employment/recruitment and related purposes in accordance with the SCIENTE Group Privacy Policy, a copy of which is published at SCIENTE’s website (https://www.sciente.com/privacy-policy).

Confidentiality is assured, and only shortlisted candidates will be notified for interviews.

EA Licence No. 07C5639