Risk Management:
- Assess technologies and solutions against cyber security standards.
- Identify, analyse, and prioritize cyber security risks.
- Assess and advise on security-by-design concepts in Cloud platforms such as AWS or Azure Cloud.
- Develop and oversee implementation of risk mitigation strategies and controls.
- Maintain and update the organization's risk register.
Compliance:
- Stay up-to-date on relevant IT security regulations and standards (e.g., PCI-DSS, ITRM, IM8, etc.).
- Develop and implement security policies and procedures.
- Monitor and audit compliance activities.
- Report on compliance status to relevant stakeholders.
- Establish compliance initiatives to ensure conformance with security requirements.
Security Operations:
- Monitor and mitigate potential data loss events, and investigate suspected incidents.
- Investigate security incidents and implement appropriate response measures.
Business Continuity Planning and Management:
- Review existing and/or develop new corporate crisis plans and policies to ensure they remain relevant as the company or external environment changes.
- Plan and coordinate simulation exercises to ensure the company's preparedness for potential disruptions.
- Execute business continuity & resilience awareness initiatives to enhance workforce resilience.
Collaboration:
- Work closely with IT operations, development, and other business units to promote security awareness and best practices.
- Provide guidance and training to employees on security policies and procedures.
- Collaborate with external auditors and regulators.
- Prepare regular management reports on overall IT security posture.
Qualifications:
- Bachelor's degree in Cybersecurity, Information Technology, or related field (or equivalent experience).
- Minimum of 3-5 years of experience in IT security, risk management, and compliance.
- Strong understanding of IT security concepts, frameworks, and methodologies.
- Working knowledge of relevant IT security regulations and standards.
- Experience with security tools and technologies (e.g., DLP solutions, SIEM, IDS/IPS).