Senior Manager, Or Manager - Cyber Security & IT Governance
Responsible for the assessment, development, implementation and maintenance of enterprise-wide cyber security and IT Governance programmes to preserve the confidentiality, integrity, and availability of information resources. As part of the IT leadership team, this individual will be expected to provide technical leadership and consultation across the organisation. S/he will also work with external experts to implement security solutions, detect, and contain cyber security incidents.
Responsibilities
Cyber Security:
Assess and review environment and cybersecurity measures to ensure security and operational effectiveness, for e.g. network, system, application, endpoint security, physical and logical access security, etc.
Review and develop security framework, information security policies, processes, procedures, and guidelines.
Conduct cybersecurity risk assessments, penetration tests, and IT controls tests.
Identify security gaps and propose mitigating measures and escalate security incidents and non-compliances on a timely basis.
Evaluate, deploy, and maintain cybersecurity infrastructure to improve cybersecurity posture. Design, implement and maintain security incident response and escalation procedures.
Monitor, analyze and correlate events to determine the best course of action, to mitigate and contain threats when detected.
improve cybersecurity awareness of staff, for e.g. by conducting awareness training. Automate security controls, data, and processes.
IT Governance:
Review and enhance IT policies, standards, guidelines, and best practices regularly to ensure that these are aligned to organization objectives and industry best practices.
Develop and implement effective change management plans (such as communication plans and training programs) to drive adoption and compliance.
Participate in audit planning meetings with internal/external auditors, collate/provide the required materials on a timely basis, validate audit findings, provide remediation solutions, and implement the agreed solutions on a timely basis.
Drive security access and activity log reviews on regular basis.
Promote IT risk management, governance, and compliance culture across the organization.
IT Management:
Contribute to IT strategic planning and budgeting. Ensure IT vendors meet contractual obligations.
Maintain up-to-date knowledge on cybersecurity technologies and standards.
Attend to any other reasonable duties as assigned by Director, Information Technology.
Requirements
Degree in engineering, science or information technology, or equivalent education.
8-10 years of related work experience in cybersecurity management and security governance.
Good working knowledge of security risk management, security governance framework and compliance (IT Security Audit / log review), technical vulnerability management (vulnerability assessment, penetration testing), application security, security technologies (system hardening, IDS/IPD, firewall), security incident response and security assessment.
Strong understanding of cybersecurity standards.
Hands-on experience with cybersecurity tools such as Next Generation Firewalls, SASE, Endpoint Protection, Data Loss Protection, Email Security, etc.
To apply:
Please email Resume in Microsoft Word format
Please state your Position/ positions applied on the āon TOPā of your resume.
Please state Available Commencement Date or notice period
Please state current and last SALARY and Expected Salary in your resume.
Please state Reasons for leaving current & previous Employment.