This role guides the assessment of information and cyber risks associated with technology initiatives and provides recommendations on control requirements by risk policy and standards.
He / She manages and coordinates responses to regulatory inquiries, inspections and audits, and monitors remediation of regulatory findings.
Report to the Global Head of IT Security and GRC
Take ownership of the strategic development and improvement of risk frameworks, methodologies and requirements
Recommend strategies to address key risk areas based on assessment of business needs against security concerns and legal / regulatory requirements
Enhance and maintain the GRC roadmap with the Global Head of IT Security and GRC
Monitor compliance with standards and governance and coordinate on-going cyber risk assessment activities across the organization
Manage internal and external IT audit
Liaise with outsourced teams to drive business expectations
Provide subject matter expertise in cyber security incident and breach investigations and post-breach remediation work to business stakeholders
Guide the development of internal threat awareness reports
Present threat awareness reports to technical and non-technical staff
Anticipate internal and external business challenges and legal or regulatory issues
Diploma or Degree in Computer Engineering or equivalent.
Minimum 10 years of IT experience, with at least 3 years managing security projects in a cross-cultural environment.
Familiar with COBIT 2019 framework, NIST 800-53, ISO 27001:2013 and CIS standards
CISA certification and any other cybersecurity certifications will be preferred
Experienced in managing senior business stakeholders