ROLE SUMMARY
· The Chief Manager - Cyber Security Risk is responsible for the implementation and governance of Cyber Security, Risk and Compliance frameworks.
· The role takes the lead for the implementation of information security policies, standards, procedures, and best practices to ensure the confidentiality, integrity, and availability of information assets.
· The role coordinates and conducts internal and external risk assessments to assess the effectiveness of information/cyber security controls and suggest/supervise the closure of the identified gaps.
· The role works closely with other business units, CISO, CIO, IT teams and external stakeholders to confirm alignment of information/cyber security objectives.
KEY RESPONSIBILITIES
Role and Responsibility
· Leading the establishment, implementation and maintenance of an IT/Cyber Security, Risk and Compliance framework that meets regulatory requirements and protects the information and technology assets of MFL.
· Managing the development and promotion of Cyber Security, Risk and Compliance policies, procedures, standards, guidelines and reporting requirements to protect information and technology assets.
· Leading the Cyber Security Risk function to ensure that resources (people, technology, and processes) are appropriate to the required standards of operation, cost-efficiency, best practice, and performance.
· Managing red teaming, VA-PT and other risk assessments as per business needs.
KEY SKILLS & BEHAVIOURAL ATTRIBUTES
· Expertise in information/cyber security standards, frameworks, and best practices, such as ISO 27001, NIST, etc.
· Ability to assess security policies, procedures, and controls across the organization.
· Experience in conducting risk assessments and compliance reviews and preparing reports and recommendations.
· Strong leadership and communication skills, with the ability to influence and collaborate with senior management and stakeholders.
· Knowledge of emerging security threats, trends and technologies, and the ability to proactively identify and mitigate risks.
· Critical thinking and problem-solving skills, with the ability to analyze complex situations and provide effective solutions.
· High ethical standards and integrity, with the ability to handle confidential and sensitive information.
EDUCATION / EXPERIENCE
· Graduate / Postgraduate in computer science, information systems/technology, cybersecurity, or a related field.
· Minimum 10 years of experience in information security management, compliance, and risk assessment roles, preferably in a large and complex organization.
· Certification in relevant security domains, such as CISSP, CISM, CRISC, CEH, Red Teaming, etc.
· Should have strong leadership, communication, analytical and problem-solving skills.
· Display a high level of integrity, professionalism, and ethical conduct.

