Support the development of Cybersecurity directions, strategies, plans and processes in alignment with the Enterprise Architecture.
Develop security policies, standards and procedures for implementation across the organization. Ensure the enterprise’s IT and OT environment is compliant with existing policies, laws and regulations.
Develop and execute the security awareness program to advocate information security policies, best practices, standards and guidelines.
Design and formulate security controls across systems. Implement security-initiated projects as well as evaluate and select security products / solutions.
Perform activities to effectively accomplish the study, research, testing and reporting of security technologies, threats and vulnerabilities.
Roles and Responsibilities :
Security Planning :
Develop and update Security Management Framework
Consolidate and gather necessary information to support planning and development of information security strategies and processes in support of Enterprise Architecture
Deliver required output necessary for managing organizational resources
Security Policy Management :
Formulate and enforce Cybersecurity policies, standards, guidelines and processes
Research new laws, policies, standards and regulations that might affect business operations
Security Audit :
Conduct security audit and risk assessments covering but not limited to mitigation and contingency plan for all information security issues within the enterprise and current IT and OT security controls
Facilitate external audit activities
Identify and provide recommendations on security breaches that require appropriate penalties and sanctions
Security Awareness and Education :
Deliver required output in managing the Information Security Management Committee
Implement Security Education Program through creation of security awareness materials such as memos, bulletins, articles, roadshows, portal, etc.
Advocate information security policies, procedures and best practices
Measure and provide regular reports on the effectiveness of Security Education Program
At least a Bachelor's degree in Computer Science, Information Systems / Technology, or other related field
Ability to partner with and influence a variety of stakeholders to ensure security requirements are understood and met
Risk analysis, problem solving, and relationship management skills
Can evaluate vendor-supplied software packages and make recommendations to high-level management
Excellent interpersonal and written communication skills and a firm understanding of the organization’s business requirements
Must also be able to stay abreast of any new developments in the rapidly changing cybersecurity environment to avoid serious and / or costly mistakes, as well as focus on and determine what actions could and should be carried out for an organization at a given time
Familiarity with Information Security frameworks and standards (NIST, AMI, ITIL, COBIT, ISO / IEC 27002, Project Management)
Requires knowledge of several areas, including :
Security tools that are currently available
Business security practices and procedures
Hardware / software security implementation
Encryption techniques / tools
Various communication protocols
The following certifications (or equivalent) may also be required : CISSP, CISM, CISA, CEH, Security+, MCSE : Security or MCSA