VP, Cybersecurity & Governance

Primary Objectives of Position:

• Support external engagement with regards to governance, risk & regulatory compliance requirements.
• Develop and maintain security policies while raising awareness through continuous training.
• Manage cybersecurity tools & services across business units.

Major Responsibilities:

Lead, manage and work with team members on the following:

• Involve in sector-wide cybersecurity programme and engagement.
• Coordinate and contribute to various external and internal forums and meetings.
• Manage all risk & regulatory reporting.
• Conduct security audits, vulnerability & risk assessments and checks to ensure security controls are in place and are functioning adequately while working with regulatory bodies to ensure cybersecurity standards are met.
• Engage users to ensure compliance with cybersecurity policy and procedures and review waivers and non-compliance when necessary.
• Formulate cybersecurity policies and procedures for IT and OT systems, ensuring compliance with regulatory requirements and industry best practices (e.g. Cybersecurity Code of Practice (CCoP 2.0), CP8, ISO27001 etc.).
• Educate and provide training to employees and contractors on cybersecurity policy, standards and procedures as well as best practices.
• Conduct penetration test, cybersecurity (red/purple teaming) exercise (as documented and communicated) on a regular basis ensuring organization resiliency though practical Business Continuity Plan (BCP) and Disaster Restoration Plan (DRP).
• Oversee the development, testing, and maintenance of cybersecurity measures to safeguard both IT and OT Critical Information Infrastructure (CII) assets.
• Manage and administrate cybersecurity tools.
• Provide cybersecurity services (e.g. VAPT).
• Monitor and manage security operations, including the handling of incidents & crisis.
• Identify emerging threats and vulnerabilities and recommend appropriate controls and solutions for implementation to enhance cybersecurity posture.
• Liaising with cybersecurity vendors in conducting relevant assessments to fulfil regulatory requirements.
• Plan and implement budgeted cybersecurity projects based on business requirements.
• Work closely with internal and external stakeholders regularly to review and enhance cybersecurity incident response plans and playbooks to achieve cybersecurity readiness.

Job Specifications:

Minimum Education / Qualifications

• Degree in Computer Engineering or equivalent.
• Trained in Cybersecurity, Information Security, Forensics or equivalent.

Minimum Years of Relevant Experience

• 15-25 years of direct and relevant full-time cybersecurity work experience in policy formulation, incident response, and management, regulatory oversight and compliance.

Knowledge/Skills

• CISSP/CISM/CISA/CEH/ CRISC or equivalent certification.
• Strong domain knowledge of information security governance and risk management, controls, vulnerability assessment/penetration testing, compliance, business continuity, investigations, system architecture and design, legal, and industry IT/OT and cyber security best-practices.
• Knowledge on ISO27001 and IEC62443, NIST Cybersecurity Framework, CSA Code of Practice (CCoP).
• Experience in Threat detection, Penetration testing and red/purple teaming.
• Knowledge in Network, Web Security and Application Security would be highly valued.
• Experience with information security tools (SIEM, anti-virus tools etc.).
• Experience in forensics and incident management.

Attributes (functional & leadership competencies)

• Strong leadership qualities & ability to work under pressure.
• Self-motivated, a good team player and strong ability to multi-task.
• Excellent verbal, written communication, presentation and analytical skills.
• Ability to build strong and trusting relationships.
• Experience working in public transport and/or OT industry would be highly valued.

Please be informed that only shortlisted candidates will be notified.