Job Description:

The Chief Information Security Officer will provide a clear vision and direction for information and Cyber Security operations, be responsible for overseeing a range of technical and process security controls and leading a plan of continuous improvement in response to changing security threats and risk.
The CISO will be responsible for the leadership, innovation, governance, and management necessary to identify, evaluate, mitigate, and manage the company’s operational and strategic risk.

Duties and responsibilities:

• Define, develop and maintain a business-aligned Information and Cyber Security strategy and operating model
• Define and embed an Information Security Policy Framework across the company that addresses the needs of the Company, its staff and other external stakeholders in line with relevant legislation and industry standards
• Provide advice and direction to the Company’s senior leadership team, in the integration of security practices into the Company’s strategic and operational processes
• Drive and deliver change to the Company’s Information and Cyber Security systems, processes and procedures by continuously analyzing and reviewing new security technologies and practices as informed by industry best practice
• Report to the company IT Manager and management on Information and Cyber Security matters, and provide senior leadership and oversight of effective Information and Cyber Security risk management
• Represent the Company with customer engagements and external consortium groups and boards and engage effectively in appropriate external networks
• Ensure that the culture, policies, structures, and reporting systems are in place to allow the Information Security team to achieve the highest standards of quality, legal and regulatory compliance and corporate governance in all areas, and ensure awareness across the Company
• Apply Cyber Security best practices to the Company’s IT operations, designing and implementing security devices and mitigations
• Ensure Information Security is managed effectively throughout the IT service delivery lifecycle (incl. Security Operations, Security Architecture and Security Assurance), enforcing compliance with policies in conjunction with internal audit
• Monitor data management procedures and compliance within the company
• Oversee and monitor the operational risk management activities of the organization

Requirements:

• Thorough understanding of IT systems (On-prem and Cloud), broad knowledge of information security frameworks, pertinent regulation and legislation, vulnerability management, incident management and response, secure development techniques and approaches, Cyber Security engineering and operations, and management and governance of Cyber risk and Cyber Security.
• A track record in the management and delivery of transformational security improvements across an organization
• Proven experience at engaging, influencing and managing stakeholders across departmental and organizational boundaries up to and including director/Vice Chancellor Executive level
• An excellent understanding of best practice within Information Security and risk management including standards such as ISO/IEC 27001, Cyber Essentials and COBIT
• An understanding of current and emerging threats and countermeasures and the organizational challenges to addressing these threats
• A good practical knowledge of security technologies and wider business solutions including Firewalls, IDS/IPS, Identity and access management, SIEM, remote working and cloud technologies, i.e. CASB solutions
• Hands-on experience with Cyber Security solutions and implementations in cloud environments (AWS is a must)
• Experienced in leading, developing and motivating a team of subject matter experts including IRP methodology
• A working knowledge of how information technology, systems and applications integrate with business processes and operations
• Familiarity with current data privacy regulations, including GDPR and regional standards.
• Strong understanding and experience with Secure SDLC and DevOps or security automation

Skills and Qualifications:

  • One or more of the following qualifications: CISM / CISSP / CISA
  • ISACA RISK/CRISK certification is an advantage
  • B.Sc. in computer science or equivalent or M.B.A is an advantage
  • Knowledge of FedRAMP compliance is an advantage
  • A collaborative leader with strategic acumen and problem-solving skills, able to inspire and motivate colleagues
  • Excellent communication skills in both written and verbal English

Please send resume and cover letter to [email protected]