Manager, CyberSecurity & IT Governance

Responsibilities

The Cybersecurity Manager is responsible for safeguarding the art museum's digital assets, information systems, and IT infrastructure from cyber threats. The role encompasses overseeing the implementation of cybersecurity protocols, managing risk, and ensuring compliance with industry standards and governance policies. The ideal candidate will also possess a strong understanding of IT governance to align cybersecurity strategies with the museum's objectives and operations.

Key Responsibilities:

• Cybersecurity Strategy & Implementation:
  • Develop and implement a comprehensive cybersecurity strategy tailored to the museum's needs.
  • Oversee the deployment of security technologies (firewalls, intrusion detection, anti-malware) and ensure their proper operation.
  • Conduct vulnerability assessments and penetration testing on systems, networks, and devices to identify and mitigate risks.
• IT Governance, Data Governance & Compliance:
  • Establish and enforce IT governance policies in line with industry standards and legal/regulatory requirements (e.g. PDPA, ISO27001).
  • Collaborate with museum leadership to align cybersecurity policies with strategic goals.
  • Monitor and ensure compliance with internal governance frameworks, data privacy laws, and external audit requirements.
  • Manage and perform assessment and review on security review for applications and systems.
  • Collaborate with the Data Governance team to establish and enforce data governance policies, standards, and procedures.
• Incident Response & Management:
  • Develop and manage the incident response plan, ensuring rapid and effective response to cybersecurity incidents.
  • Coordinate with external agencies and partners for threat intelligence and reporting.
  • Conduct post-incident analysis and ensure continuous improvement in response tactics.
• Risk Management:
  • Lead cybersecurity risk assessments and establish risk management plans.
  • Implement controls to safeguard sensitive information.
  • Maintain up-to-date risk registers and report on the security posture of museum systems.
• Staff Training & Awareness:
  • Create and deliver cybersecurity awareness training for museum staff, volunteers, and contractors.
  • Promote a culture of security awareness across the organization.
• IT and Data Asset Protection:
  • Secure the museum's technology stack, especially regarding personal data and intellectual property.
  • Collaborate with the Data Governance team to implement data classification schemes.
• Vendor & Third-Party Management:
  • Assess third-party vendors and contractors to ensure compliance with the museum's cybersecurity policies.
  • Negotiate security terms in vendor contracts and oversee third-party risk management.

Qualifications

Must-Haves:

• Bachelor's degree in Computer Science, Information Security, or related field.
• 5+ years of experience in cybersecurity, preferably in a cultural institution, museum, or non-profit environment.
• Experience in IT governance, data governance risk management, and compliance (GRC).
• Proficient in network security technologies.
• Expertise in cybersecurity practices.
• Strong problem-solving skills and the ability to think critically under pressure.
• Effective communication skills.
• Interest in art and a desire to protect the museum's mission.

Good-to-Haves:

• Hands-on experience with security operations, incident response, and digital forensics.
• Experience with data governance tools.
• CISSP, CISM, CRISC.