As the Cybersecurity Director, you will be the leader overseeing Temus’ cybersecurity landscape.
This role entails shaping and executing comprehensive cybersecurity strategies; ensuring information security governance, compliance, and operations; leading transformative projects; and maintaining industry certifications.
You will be at the forefront of cybersecurity operations, risk management, and training initiatives, contributing significantly to our organization's resilience against evolving cyber threats.
Reporting directly to the Chief Financial Officer, you will play a key role in aligning cybersecurity efforts with broader IT strategies, fostering a culture of security awareness, and driving continuous improvement in our cybersecurity posture.
In addition to internal responsibilities, you will also engage in client-facing initiatives, serving as a trusted advisor on cybersecurity matters. Your client-facing duties will include collaborating with external partners, providing guidance on security best practices, and addressing client concerns related to cybersecurity. By cultivating strong relationships with clients, you will demonstrate our commitment to cybersecurity excellence and contribute to the enhancement of our clients' security postures.
If you are a seasoned cybersecurity professional with a strategic mindset and a proven track record, we invite you to lead our cybersecurity initiatives and make a lasting impact on Temus’ digital resilience.
Key Internal Accountabilities
Information and Cyber Security Strategy and Transformation:
- Develop and implement a comprehensive information and cybersecurity strategy aligned with organizational goals.
- Lead the transformation of security capabilities to address emerging threats and technologies.
Information Security Governance:
- Oversee information security policies, standards, and procedures to ensure the confidentiality, integrity, and availability of information assets.
- Provide guidance on information security matters to ensure compliance with relevant regulations and standards.
Internal Project Management:
- Direct and manage internal security projects, ensuring timely delivery and alignment with strategic objectives.
- Collaborate with cross-functional teams to integrate cybersecurity considerations into projects.
Certifications Maintenance:
- Manage and maintain ISO27001 and Data Protection Trust Mark (DPTM) certifications, ensuring ongoing compliance with standards and regulations.
- Run internal audits to comply with ISO27001 and DPTM requirements.
- Lead efforts for certification renewals and audits.
Training and Awareness:
- Develop and deliver information and cyber security training programs to enhance employee awareness and compliance.
- Foster a culture of security throughout the organization.
Security Operations Management:
- Collaborate with the IT operations team to ensure day-to-day security operations, incident response, and threat intelligence activities.
- Implement and manage security technologies to detect, prevent, and respond to security incidents.
Risk Management:
- Conduct regular risk assessments and ensure the development and implementation of risk mitigation strategies.
- Collaborate with business units to address security risks related to projects and operations.
Reporting and Communication:
- Provide regular reports on the status of information and cyber security initiatives to executive leadership.
- Communicate effectively with stakeholders regarding information and cyber security risks, incidents, and strategies.
Client, Partner, Vendor, and Third-Party Security:
- Evaluate and manage cybersecurity risks associated with vendors and third-party partnerships.
- Ensure compliance with security standards for external collaborations.
Key External Accountabilities
- Client Collaboration: Engage with clients to understand their cybersecurity needs, align with their compliance objectives, and communicate the importance of adhering to industry regulations and standards.
- Regulatory Alignment: Stay current with evolving cybersecurity regulations and standards, ensuring clients' practices meet compliance requirements (e.g., IM8, DPTM, ISO 27001, NIST).
- Risk Management: Conduct comprehensive risk assessments, identifying vulnerabilities and compliance gaps, and collaborate with clients and partners to develop tailored risk mitigation plans.
- Architecture Review: Collaborate with clients and partners to review architectural designs, ensuring they are aligned with security compliance requirements and best practices. This includes assessing the security of software development, APIs, and CI/CD pipelines.
- Security Testing Management: Oversee and manage the Vulnerability Assessment and Penetration Testing (VAPT) and Source Code Review (SCR) processes, coordinating assessments, analyzing results, and working with clients and partners to implement effective remediation strategies.
- Exception Review: Evaluate security exceptions and assess their potential risks, proposing appropriate mitigation strategies to clients while ensuring compliance.
- Compliance Audits: Lead compliance assessments for clients, ensuring alignment with industry standards and regulations, and fostering transparent communication throughout the process.
- Documentation and Reporting: Maintain accurate records of compliance activities, audit results, and remediation efforts, providing clients with comprehensive reports.
- Cross-Functional Collaboration: Collaborate with internal teams, including IT, Technology, Data, Value Assurance, and senior management, to ensure a cohesive approach to client cybersecurity compliance.
Qualifications
- Industry-recognized cybersecurity certifications such as CISSP, CISM, or CISA.
- Demonstrated experience (more than 10 years) in information and security compliance management, with proficiency in platforms such as Azure, AWS, and GCP.
- In-depth knowledge of information and cyber security frameworks, standards, and regulations (e.g., ISO27001, DPTM, NIST, IM8).
- Experience with ISO27001 and Data Protection Trust Mark (DPTM) certifications and audits.
- Demonstrated success in managing security operations and driving strategic information and cyber security initiatives.
- Proven leadership skills and ability to manage projects efficiently.
- Strong understanding of risk assessment methodologies, compliance auditing, VAPT procedures, and architectural design reviews.
- Experience in reviewing architecture designs for security compliance.
- Strong communication and interpersonal skills to establish rapport with clients and internal stakeholders.
- Proficiency in reviewing security exceptions and recommending effective solutions.
- Analytical mindset with meticulous attention to detail to identify compliance gaps and risks.
- Flexibility to adapt to evolving compliance regulations and technological advancements.
Temus is an equal opportunities employer. We welcome applications from all. We do not discriminate by race, religion, belief, ethnicity, origin, disability, age, partnership status, sexual orientation, or gender identity.
We see the diversity of our team as a strategic advantage, and we work actively to maintain it.
By applying for this role, you have read and acknowledge the data privacy statement via this link - temus.com/job-applicant-data-protection/