Lead - Cyber Security- GRC

MITC, Kandivli, MITC, Kandivli, IN

Responsibilities & Key Deliverables

Key Responsibilities:

• Governance:

o Develop, implement, and maintain information security policies, standards, and procedures.

o Ensure alignment with industry standards and regulatory requirements.

o Conduct regular reviews and updates to the information security governance framework.

o Perform and investigate internal and external information security risk and exception assessments. Assess incidents, vulnerability management, scans, patching status, secure baselines, penetration test results, phishing, and social engineering tests and attacks.

o Document and report control failures and gaps to stakeholders. Provide remediation guidance and prepare management reports to track remediation activities.

o Remain current on best practices and technological advancements and act as the technical resource for security assessment and compliance.

o Develop reporting metrics, dashboards, and evidence artifacts.

• Risk Management:

o Identify, assess, and prioritize information security risks.

o Develop and implement risk mitigation strategies.

o Conduct regular risk assessments and audits to ensure compliance and identify areas for improvement.

• Compliance:

o Monitor and ensure compliance with relevant laws, regulations, and standards (e.g., GDPR, ISO 27001, NIST & DPDPA).

o Prepare and manage internal and external audits.

o Develop and deliver training programs to ensure staff awareness and compliance with information security policies.

Information Security Requirements:

• Strong understanding of information security principles, frameworks, and best practices.

• Experience with risk management methodologies and tools.

• Knowledge of regulatory requirements and industry standards (e.g., GDPR, ISO 27001, NIST).

• Proficiency in conducting security assessments and audits.

Behavioural Aspects:

• Integrity: Demonstrates a high level of integrity and ethical behaviour.

• Attention to Detail: Meticulous and thorough in ensuring compliance and identifying risks.

• Problem-Solving: Strong analytical and problem-solving skills.

• Communication: Excellent verbal and written communication skills.

Collaboration:

• Work closely with cross-functional teams to ensure information security is integrated into all business processes.

• Collaborate with IT, legal, and compliance teams to address security risks and compliance issues.

• Foster a culture of security awareness and compliance across the organization.

Experience

• Bachelor’s degree in Information Security, Computer Science, or a related field.

• Relevant certifications (e.g., CISSP, CISM, CRISC) are highly desirable.

Qualifications

BE Telecommunication / Computer IT with certification in network professional

Region: Asia/Pacific
Country: India
