Gemcorp ICS
Cyber Security Manager
Gemcorp ICS, United Arab Emirates, 17 hours ago
Full-time, Information Technology

We believe all people deserve access to essential services: water, energy, food, healthcare, education, and resilient infrastructure. These are the foundations of dignity and development.


Our purpose is to mobilize capital with operational capacity to unlock the systems that make access possible, transforming realities and creating lasting impact in emerging markets.


Our mission is to deliver integrated, high-impact solutions that expand access to essential services – combining operational execution, local presence, strategic partnerships, and sustainable capital.


We are looking for someone to lead the Cyber Security function and execute the Cyber Security roadmap to design and build the organization's cyber security, as part of the broader IT strategy. In this role, you will collaborate closely with the Group CTO and partner with other IT department heads, with departments and employees across the company as needed, and with technology providers.


Main Responsibilities



  • Functional Strategy Formation: Lead the development and implementation of an Information Security strategy, aligned to the firms' priorities, that enables and facilitates the firms’ business objectives, anticipating complex issues, challenges, and opportunities, and ensuring integration with the wider IT functional strategy.
  • Strategy Formation and Implementation: Develop plans for optimising resources and assets being managed within the Information Security function. Monitor and report to key stakeholders on the strategic roadmap implementation including metrics (qualitative and quantitative) to measure impact and value delivered, as well as progress towards a best practice function.
  • Information and Business Advice: Provide authoritative specialist advice to senior leaders at the business unit or regional level to enable the implementation of policy, projects and change initiatives.
  • Budgeting: Own and manage the Information Security budget and spend effectively, monitoring and reporting discrepancies.
  • Policies and Procedures Development: Develop Information Security policies, procedures and related guidelines to best practice levels, ensuring compliance both externally with regulatory requirements and that internally these are communicated and adhered to.
  • Internal Client Relationship Management: Manage relationships with strategic internal stakeholders, building high levels of professional credibility and mutual trust, and mobilising appropriate internal and/or external resources to support in delivering business strategy and plans.
  • Roadmap Planning: Develop and propose an annual roadmap for Information Security, ensuring alignment with the overall IT strategy. Recommend financial and headcount budgets; propose targets for key performance indicators and schedule key activities/projects, ensuring integration with other elements of the organisation.
  • Leadership and Direction: Identify and communicate the actions needed to implement the Information Security strategy and roadmap; explain the relationship to the broader IT and organisation mission, vision, and values; motivate people to commit to these tenets and do extraordinary things to achieve business goals.
  • Performance Management: Manage and report on performance within Information Security; set appropriate performance objectives for direct reports and hold individuals accountable for achieving them; take appropriate corrective action where necessary to ensure the achievement of annual objectives.
  • Organisation Capability Building: Evaluate the capabilities of staff within Information Security to identify gaps and prioritise development activities. Implement the organisation's formal development frameworks. Coach and mentor others to support their development.
  • Corporate Representation: Represent the organisation in a variety of industry and professional forums, in order to promote the company and to build and nurture external networks consisting of industry peers, ecosystem partners, vendors and other relevant parties to address common trends, findings, risks and deliver innovation and improvement opportunities.
  • Innovation: Drive innovation and adoption of Information Security technologies and products aligned to continuous improvement and best practice.
  • Due Diligence: Oversee the Information Security due diligence process for potential investments, assessing technical risks and opportunities.
  • Vendor Management: Oversee the Information Security vendor management process, ensuring compliance, cost-effectiveness, and high-quality delivery.
  • Threats: Monitor the internal and external threat environment for emerging threats and advise relevant stakeholders on the appropriate courses of action.
  • Cyber Security Incidents: Manage and contain cybersecurity incidents and events to protect corporate IT assets, intellectual property, regulated data and the company's reputation.
  • Incident Response: Design and implement incident response, disaster recovery and contingency plans and procedures to ensure that business-critical services are recovered in the event of a security event and protect company data; provide direction, support and in-house consulting in these areas.


Qualifications, Experience and Skills


  • Verbal Communication: Operates as a recognised expert to express ideas, request actions, formulate plans, & policies by means of clear and effective verbal communications. Typically known as a subject matter authority.
  • Planning and Organising: Operates as a recognized expert to plan, organize, prioritize and oversee activities to efficiently meet objectives. Typically known as a subject matter authority.
  • Process Documentation, Process Mapping, Strategic Resource Management, Task Prioritisation, Workflow Optimisation.
  • Strategic Planning: Operates as a recognised expert to envision a desired future, and translate this vision into broadly defined goals or objectives and a sequence of steps to achieve them. Typically known as a subject matter authority.
  • Policy and Procedures: Operates as a recognized expert to monitor, interpret and understand policies and procedures and ensure their alignment with organisational strategies and work objectives. Typically known as a subject matter authority.
  • Policy Analysis, Policy Management, Standard Operating Procedure (SOP).
  • Policy Development and Implementation: Works at an advanced level to develop a deliberate system of principles to guide decisions and achieve rational outcomes, then oversees their implementation within the organization. Typically works independently and provides guidance.
  • Adaptive Mindset: Operates as a recognised expert to shift into and out of a mental mindset associated with assessing the facts and circumstances of the current situation and/or environment, and making the appropriate/innovative adjustments to thinking and work habits to thrive in any scenario. Typically known as a subject matter authority.
  • Policy and Regulation: Operates as a recognised expert to interpret and apply knowledge of laws, regulations and policies in area of expertise. Typically known as a subject matter authority.
  • Community Guidelines, Federal Legislation, Government Affairs, Legislation and Strategic Advocacy.
  • Effectively Presents Solutions: Works at an advanced level to communicate and articulate potential resolutions or strategies in a clear, compelling, and tailored manner to address specific challenges or meet organizational needs. Typically works independently and provides guidance.
  • Business Management: Works at an advanced level to lead and oversee business units, driving strategic initiatives, and achieving organisational objectives. Typically works independently and provides guidance.
  • Maintains the Relationship: Works at an advanced level to cultivate and sustain positive interpersonal connections, fostering trust, collaboration, and effective communication to support enduring professional relationships. Typically works independently and provides guidance.
  • Project Management: Works at an advanced level to plan and manage small project work assignments within desired cost, time and quality parameters. Typically works independently and provides guidance.
  • Change Order Management, Critical Path Method (CPM), Enterprise Portfolio Project Management, Project change log/register, Project change management plan, Project charter, Project management plan, Project requirements management plan, Project requirements verification plan, Project resource management plan, Project schedule, Project schedule baseline, Project scope statement.


Experience and Knowledge:


  • Proven experience leading an Information Security function and demonstrated ability to drive the Information Security strategy and execution in a fast paced, dynamic environment, of at least similar size, scale and complexity, preferably within several industries, including at least financial services, as well as manufacturing or industrial facilities.
  • Strong knowledge of a wide range of cyber security best practice frameworks, such as NIST, ISO/IEC 27001, Cyber Essentials Plus.
  • Strong knowledge of a wide range of IT best practice frameworks such as ITIL, COBIT, Lean Six Sigma.
  • Strong understanding of related technologies including Microsoft OS, Microsoft security and Fortinet stacks.
  • Certifications and demonstrable knowledge e.g. CISSP, CISM, CISA, CRISC etc.
  • Strong understanding of related Information Security policies and procedures including Due Diligence, Risk Management, Asset Management, Identity & Access Management, Awareness & Training, Data Security, Platform Security, Infrastructure Resilience, Event Monitoring & Detection, Incident Analysis and Incident Management.


Gemcorp follows a fair and transparent process, based on the skills and qualifications of candidates. We actively encourage diversity in hiring, aiming for a representative and inclusive workforce.
