Our client is looking for a Chief Information Security Officer (CISO) to provide the leadership to enhance, develop and implement the information security strategies and related policies within the organizations.
- Degree in Cyber / Information Security or Computer Science or Computer Engineering;
- At least 10 years of management experience in the area of information security, policies and procedures;
- Possess working experience in areas of cyber security governance and risk management, proactive cyber security defence and investigation in a complex IT environment;
- Competent in large-scale project, vendor risk management, business continuity planning, incident response and crisis management;
- In-depth understanding of both IT and business processes and the relationship between them;
- Good verbal and written communication skills to present and articulate complex issues as well as to influence and convince stakeholders at every level;
- Excellent interpersonal skills to collaborate effectively with cross-functional, multi-disciplined teams and gain consensus in change implementation and enforcement of security policies and procedures.
- CISM, CISSP, CGEIT, CISA, GSEC certification;
- Good understanding of international security standards such as ISO27001/27002.
- Spearhead the establishment of a well-defined information security governance framework with goals, strategies, policies, compliance monitoring, crisis management processes, action plans, best practices, awareness and education programs;
- Drive the cyber security risk assessment initiatives to identify the various information assets and process gaps that can lead to vulnerabilities to cyber attack and develop well-documented processes and policies to preempt and mitigate risks;
- Facilitate and collaborate with cross-functional stakeholders for the formation of a cyber security culture across the entire organization, from stakeholders to end users and information technology professionals to drive awareness among people and shape their attitude towards risk acceptance and incident response;
- Review, improve and endorse security policies, implement technical controls, audits and assessments to ensure compliance;
- Align information technology (IT) needs of business units with the strategic cyber security direction of the organization;
- Propose appropriate cyber security solutions and technologies to management and obtain approval for the implementation;
- Keep abreast of emerging threat factors, fast changes in the technological landscape and continually push for work culture transformation to achieve early detection and readiness to respond to cyber security incidents.