GENERAL RESPONSIBILITIES
Manage the overall activities of the information security governance team, ensuring that deliverables are completed on time and to the expected quality
Proactively identify risks and propose areas for improvement to the Group CISO and the Senior Management Team
Lead the establishment of the functional and technical information security policies, standards / guidelines and procedures and ensure their effective implementation across business units
Lead the development of the Information Security Awareness Plan and ensure its operationalization across the company
Establish KPIs to effectively gauge information security implementation
Review and analyse how new security solutions and processes can streamline existing solution sets, ensuring a unified and cohesive security architecture
Lead the conduct of Information Security Risk Assessments and audits for various business groups
Manage projects and ensure that risks are identified and mitigated to ensure completion within agreed timelines
Mentor the team members to have a solid understanding of applicable information security standards and educate them on how to carry out audits and risk assessments
Provide timely updates and escalation of security issues, risks and findings to the CISO
Work with the CISO on monitoring the budget for the Information Security Group
TECHNICAL COMPETENCIES
Highly knowledgeable in ISO27000, PH DPA, BSP Circulars on Information Security, COBIT, NIST and SANS
Highly knowledgeable in ISMS Audits and Risk Assessments
Knowledge of the Payment Card Industry Data Security Standard (PCI DSS)
Knowledge in Project Management Knowledge Areas and Principles
Knowledge in endpoint security configuration
Knowledge of Application and Network Security
Knowledge in cloud technologies such as AWS, Azure
Knowledge in Threat Analysis
Knowledge in System Development Lifecycle methodologies such as Waterfall, Iterative and Agile
Knowledge of Enterprise Security Architecture
QUALIFICATIONS
Bachelor's degree in Computer Science, Information Technology, Business-related course or its equivalent
At least 10 years of relevant work experience in implementing information security programs, assurance and solution sets
ISACA or ISC2 Certification is a must
Has excellent business communication skills
Has experience in project management
Leadership and management skills
Head • Philippines