Lead Security Officer (JD#9979)

We are looking for Deputy Chief Security Information Officers (CISO) who have familiarity with Cybersecurity Governance, Operations, Engineering and Testing in on-premises and major cloud platforms and their security features, will ensure security is well-considered and uplifted & digitalization transformation matters.

Responsibilities:

• Responsible to design information security, protection and management framework, guidelines and best practices for the organization;
• Lead the formulation of cyber security strategies and work plan, policies, standards and guidelines, supporting digitalization planning and aligning with business strategic goals and policy baselines;
• Ensure the formulated security policies remain aligned with business security strategy goals with regular Gap analysis performed;
• Assist management in overseeing security matters, such as approving and tracking security work plan and resourcing, monitoring performance in security indicators and risk acceptance decisions;
• Govern the security posture by maintaining a full visibility of all systems (Assets) across different operating environments, the systems’ security design, implementation and operations through regular reviews;
• Implement Cybersecurity risk assessment and acceptance processes at the management level;
• Review, provide consultation and endorse risk management and mitigation plans from project teams;
• Provide advisory and consultancy on the appropriate cyber security solutions and technologies to be deployed suitable to business operations and aligned advisories and practices;
• Ensure secure development life cycle is complying to the security policies, and the security controls implementations are complying to the defined security policies, standards and guidelines;
• Design and implement end user security awareness programmes and establish defined processes for Threat and Incident Management;
• Plan, design and conduct security incident response workshops and exercises (table-top exercises, simulation and drills) and lead the investigation and management of security incidents.

Requirements:

• Degree in Computer Science, Information Systems, Engineering, or a related technology-focused field;
• At least 8 years of work experience in Information Security operations, policies and procedures;
• Demonstrated working knowledge of technology processes, security policies, standards, controls, and risk measurements;
• Proven record in identification, investigation and resolution of potential IT security risks, controls and process gaps;
• Knowledge or experience with Infrastructure as Code (IaC) tools like Terraform and Ansible;
• Ability to identify cybersecurity risks and threats specific to both on-premises and cloud environments, with the expertise to assess their impact and likelihood;
• Proficient in evaluating the effectiveness of existing controls and recommending appropriate mitigation strategies for both on-premises and cloud cybersecurity and data security concerns;
• Strong understanding of compliance requirements and the ability to identify potential violations within on-premises or cloud environments;
• Strong personality and yet personable to build and enrich relationships within the organization;
• Excellent communication, presentation, planning and organization skill.
• Certifications are encouraged to demonstrate continuous learning and mastery of best practices for this role, such as CISSP, CISM, or CISA GSEC certifications.

Should you be interested in this career opportunity, please send in your updated resume to apply@sciente.com at the earliest.

When you apply, you voluntarily consent to the disclosure, collection and use of your personal data for employment/recruitment and related purposes in accordance with the SCIENTE Group Privacy Policy, a copy of which is published at SCIENTE’s website (https://www.sciente.com/privacy-policy).

Confidentiality is assured, and only shortlisted candidates will be notified for interviews.

EA Licence No. 07C5639