As a Cybersecurity Lead, you will play a critical role in safeguarding our organization’s digital assets and ensuring the confidentiality, integrity, and availability of our information systems. You’ll lead a team of skilled professionals and collaborate with various departments to implement robust security measures.

RESPONSIBILITIES

Strategy and Planning:

• Develop and execute a comprehensive cybersecurity strategy aligned with organizational goals.
• Identify potential risks and vulnerabilities and create mitigation plans.
• Stay up-to-date with industry trends and emerging threats.
• Recommend suitable enhancements to improve information cybersecurity performance.
• Develop, execute and measure cybersecurity awareness programs for staff, students, and faculty.
• Report regularly to senior leadership, Audit & Risk Committee, and Board on cyber posture, risks, and incidents. Advise leadership on emerging threats and industry best practices.

Security Operations:

• Oversee day-to-day security operations, incident response, and threat detection.
• Manage security tools, including firewalls, intrusion detection/prevention systems, and antivirus software.
• Conduct regular security assessments and vulnerability scans.

Team Leadership:

• Lead and mentor a team of cybersecurity professionals.
• Delegate tasks, set performance goals, and provide regular feedback.
• Foster a collaborative and proactive security culture within the organization.

Policy and Compliance:

• Develop and enforce security policies, standards, and procedures.
• Ensure compliance with relevant regulations (e.g., PDPA, PCIDSS, etc).
• Good understanding of NIST framework and its implementation and compliance.
• Coordinate audits and assessments.
• Provide advisory on application security design, framework, policies, and standards.

Risk Management:

• Assess and prioritize risks, considering business impact and likelihood.
• Implement risk mitigation strategies and monitor their effectiveness.
• Work closely with other departments within SIM to address security-related concerns.
• Manage vulnerability assessments (such as reviews of access control lists), penetration testing and VAPT with project teams and system owners
• Act as the primary liaison with government agencies (such as CSA and MOE), auditors, and external partners on cybersecurity matters.

Incident Response:

• Lead incident response efforts during security breaches or incidents.
• Coordinate with legal, IT, and communication teams to manage incidents effectively.
• Conduct post-incident analysis and implement improvements.

Policies and procedures

• Own and maintain/update key policies and SOPs such as Incident Response playbook, Operational SOPs (access provisioning/deprovisioning), DR playbook, Governance policies (audit readiness, annual risk assessment cycle)

Collaboration:

• Conduct post-incident analysis and implement improvements.
• Collaborating with stakeholders to conduct governance, risk and critical systems controls assessment, compliance audit, and cyber resilience and disaster recovery.
• Working with internal stakeholders such as the network and system team for investigations and cybersecurity planning.
• Collaborating with external and internal parties on various cybersecurity initiatives.

JOB REQUIREMENTS

• Collaborating with external and internal parties on various cybersecurity initiatives.
• Bachelor’s degree in computer science, Information Security, or related field.
• Certifications: CISSP, CISM, or similar certifications are highly desirable.
• Experience: Minimum 5 years of experience in cybersecurity, including managerial roles.
• Possess strong technical and domain knowledge with experience in project management, cybersecurity threat monitoring, threat hunting, logs review, source code review and analysis, network security, machine learning, vulnerability assessment/penetration testing, compliance and cybersecurity risk management, network security, encryption, access controls, and security frameworks
• Excellent interpersonal, communication, leadership skills, and stakeholder management skills
• Ability to explain technical risk in business terms to non-technical stakeholder