Role Responsibilities
Security Strategy and Leadership:
· Develop and implement a comprehensive information security strategy aligned with the business goals and objectives of the organization.
· Provide leadership and guidance in the development and implementation of information security policies, procedures, and standards.
· Lead and manage the security team, including hiring, training, and performance evaluations.
Risk Management and Compliance:
· Identify, assess, and mitigate security risks to the organization’s information assets.
· Develop and maintain dashboards to report on the profile of SJ’s cyber-resilience.
· Ensure compliance with industry standards, regulations, and best practices, including but not limited to ISO 27001, NIST, and GDPR, working closely with the Data Privacy Officer.
· Conduct regular security audits, assessments, and penetration testing to identify vulnerabilities and ensure compliance.
Incident Response and Management:
· Develop and implement an incident response plan to effectively manage and respond to security breaches and incidents.
· Coordinate with internal and external stakeholders to ensure timely and effective incident resolution.
· Conduct post-incident analysis to identify root causes and implement corrective actions.
Programme Management:
· Develop and deliver projects to ensure that the cybersecurity environment is business appropriate.
Security Awareness and Training:
· Promote a culture of security awareness throughout the organization.
· Work with the People + Culture team to develop and deliver security awareness training programs that help elevate employee awareness of cybersecurity risks, threats, best practices, and policies.
Technology and Innovation:
· Stay abreast of the latest security technologies, trends, and threats related to all aspects of cybersecurity.
· Evaluate and implement security technologies and solutions to protect the organization’s information assets.
· Collaborate across all departments to ensure security is integrated into all technology projects and initiatives.
Vendor and Partner Management:
· Evaluate and manage vendors and partners to ensure the delivery of high-quality security services and solutions.
· Negotiate contracts and service level agreements with security vendors and partners.
Education Qualification
Bachelor’s degree in Information Security, Computer Science, or a related field, or equivalent experience.
Relevant Experience
· Minimum of 10 years of experience in information security, with at least 5 years in a leadership role.
· In-depth knowledge of security frameworks, standards, and best practices.
· Experience in the AEC industry or a similar field is strongly preferred.
· Strong analytical, problem-solving, and decision-making skills.
· Excellent communication and interpersonal skills, with the ability to effectively communicate security concepts to both technical and non-technical audiences.
Professional Accreditations
Professional certifications such as CISSP, CISM, or CISA are highly desirable.
Professional Knowledge/Skills
Deep knowledge of, and experience with, the Microsoft stack (including E5, Sentinel, SASE, and Intune). Purview experience would be a plus.