Cyber and Information Security Management:
This is a senior leadership position responsible for establishing and leading the strategic development of the Cyber and Information Security Programme to manage cyber security threats, and support customer requirements relating to data confidentiality, integrity, and availability in alignment with the organization’s values, brand and regulatory standards.
Oversees all aspects of the cyber and information security function in the organization and supports the coordination and execution of the enterprise-wide cyber and information security strategies to ensure strategic alignment of security controls and cost optimization.
Promotes increasing organizational vision on cyber and information security throughout the organization.
Operates in a cohesive environment with other departments to achieve audit and risk-constrained optimized growth for the business.
Business Continuity Management:
- Leads the implementation across the organization of the Business Continuity Management framework.
- Supports the design and implementation of solutions that will effectively and efficiently meet the business’ agreed recovery time objectives.
- Periodically organises tests to provide assurance that the designed business continuity plans are working as expected.
- Monitors and reports on the status of the implementation of Business Continuity Management arrangements within the organization.
Principal Responsibilities, Accountabilities and Deliverables of Role:
- Define and lead the Cyber and Information Security strategy and operations.
- Manage the budget and programmes for the protection of the company’s information assets.
- Lead the development and implementation of policies and frameworks for the management of Cyber and Information Security.
- Provide security-related advice to business, project and IT groups.
- Monitor and report on the status of cyber and information security across the company.
- Ensure continuous improvement of the policies and frameworks.
- Oversee the management of cyber and information security across the company through various monitoring tools, control standards, reporting of incidents, etc.
- Ensure that the frameworks for managing cyber and information security are aligned to the approved internal and Group frameworks.
- Develop a maturity model to identify the baseline, set the target maturity level of the controls in the cyber and information security space, and track progress against it.
- Carry out ad hoc requests from the CEO, COO and Senior Management.
- Participate in the development of new products and change management projects (including projects to introduce new technologies) to ensure that the cyber and information security risks are identified and assessed prior to launch / implementation.
- Ensure that the organisation complies with all mandatory security certifications required by schemes, regulators and client banks (where applicable).
- Initiate, facilitate and promote activities to create information security awareness within the organization.
- Advise the organization through current updates on cyber and information security technologies and related regulatory issues.
- Build relationships with stakeholders and partners, including security suppliers and security response centres, to assist in maintaining the information security program.
- Ensure internal control systems are monitored such that appropriate access levels are maintained.
- Coordinate the handling and resolution of security incidents.
- Develop, facilitate and present information security awareness and security training with relevant Department functions and across the company.
- Coordinate and participate in special projects concerning cyber and information security, including testing and implementation of security software enhancements.
- Review, as requested, new information system proposals, purchases and development to ensure compliance with the Company’s security policies and procedures.
- Research new information security concepts, methods and tools to keep abreast of changing and emerging technologies relating to information security.
Secondary Accountabilities: (Business Continuity)
- BCM Strategy: Assist heads of department in the definition and formulation of their business continuity plans and test scenarios.
- BCM Framework:
  - Lead the implementation of the framework for the management of BCM across the organization.
  - Coordinate the efforts for identification of actual and possible threats to the continuity of operations, and recommend actions, if any, for control, mitigation or transfer of these risks.
  - Ensure that local business continuity regulatory requirements are being complied with.
  - Maintain the 2-year rolling Business Continuity plan for the organization.
- Testing: Coordinate local and cross-border Business Continuity tests.
- Crisis Management: Support the Local Crisis Management Team as needed.
- Awareness Training: Raise Business Continuity awareness across the company.
- Understands and interprets regulatory requirements into effective business operations, risk management and compliance.
- Good knowledge of business processes of the organization.
- Ability to deal effectively with regulators.
- Knowledge of the nature and sources of computer viral infestations.
- Knowledge of current technological developments / trends in the area of expertise.
- Ability to train clients on security policies and awareness.
- Ability to manage multiple and sometimes conflicting interests – manage ambiguity.
- Strong leadership and managerial skills as demonstrated through ability to motivate, influence, coach and build relationships.
- Ability to initiate projects and drive results.
Education / Certifications
- Educated to degree level and appropriate work experience.
- Professional Qualification in Information Security Management, or Business Continuity Management.
- Must be comfortable operating at a senior level, with a minimum of 10 years’ experience in the field of Cyber and Information Security, and with knowledge of business continuity management.
- Information Security experience as senior personnel in the financial services industry.
- Strong interpersonal and communication skills and the ability to work effectively with a wide range of constituencies in a diverse community.