Head - IT Security

Job Summary

We are currently looking for a seasoned leader as the Head of IT Security. The incumbent will be responsible for leading the transformation while establishing and maintaining the enterprise vision, strategy, and program to ensure information assets and technologies are adequately protected. This role oversees the development and implementation of security policies, standards, and procedures to ensure the protection of the organization's information systems and data.

Mandatory Skill-set

• Degree in Computer Science, Information Security, Information Systems or a related field;
• At least 12-15 years of experience in IT security & risk management preferably in a large scale organisation;
• Deep knowledge and understanding of internal controls, security frameworks, risk management and IT governance, auditing techniques, threat modeling and risk management principles;
• Good knowledge of enterprise IT systems and components (applications, operating systems, databases, networks, cloud, DevOps);
• Knowledgeable in using various cyber security monitoring and analysis tools and techniques depending on the organization's needs and requirements;
• Familiarity with security technologies such as firewalls, intrusion detection systems, and endpoint protection;
• Familiar with cyber security standards, protocols and frameworks such as NIST, CIS, PCI/ DSS, MAS TRM, ISO standards;
• Experience with Security operations centers (SOC) and setting up SOC models;
• Experience in driving enterprise initiatives for E2E security posture analysis;
• Ability to work with subsidiaries and understand regional security requirements;
• Strong in analytical thinking with attention to detail;
• Excellent communication and interpersonal skills.

Desired Skill-set

• CISSP, CISM, CRISC, CGEIT and/or CISA certified.

Responsibilities

• Define and implement the Enterprise InfoSec (IS) landscape and roadmap;
• Responsible for documenting methodologies and tools to mitigate information security or cyber risk for on-prem and cloud platforms;
• Prepare reports for information security or cyber risk related reporting, threat awareness and security awareness reports;
• Design and implement secure cloud architecture for various cloud platforms and act as an SME for cloud platforms (AWS, GCP, or Azure) using cloud-native security services;
• Recommend corrective actions or appropriate security controls to mitigate technical risk;
• Conduct Technology Security Risk Assessments on systems throughout their lifecycle to identify and mitigate security risks;
• Assist in the development of policies for conducting cyber security risk assessments and compliance audits;
• Formulate governance procedures for documenting and updating security policy, standards, guidelines and procedures;
• Perform information security or cyber risk assessment activities and assess third party security controls and internal security systems including onsite assessments;
• Establish scope of risk analysis for new technology initiatives and identify security risks in the Tech Obsolescence Risk program;
• Communicate with regulators such as MAS and ensure solutions meet external and internal requirements and guidelines;
• Keep abreast of the dynamic cyber threat landscape and identify opportunities for enhancement of IT risk processes;
• Provide regular updates on the overall health of compliance, criticality assessment, audit findings, remediation and action plans.