Consultant at Talencia LLP
Views:2061 Applications:89 Rec. Actions:Recruiter Actions:11
Chief Information Security Officer - BFS (12-20 yrs)
A Leadership Role to Define and Implementation of Cyber Security including Information Security Policy at group level (Including all business unit's Regulatory and compliance requirements) and monitoring the same. Including MAS (Monetary Authority of Singapore) Technology Risk Guidelines
- Define and Implementation of Data Privacy Protection Policy at group level (Including all business unit's Regulatory and compliance requirements) and monitoring the same. Including GDPR and IDPR Privacy Guidelines
- Supports CTO and Group CTO in implementing the group wide Information Security strategy and roadmap.
- Ensures alignment of all IT Activities with IT Security Strategy.
- Set up monitoring and controlling of Information Security directives on a corporate level
- Set up SOC for all Cyber Security, Information Security and Data Privacy Incidents Management
- Ensures an effective communication between the business responsible / key users and the IT Department
- Liaises with external agencies, such as law enforcement and other advisory bodies as necessary, to ensure the Group maintains a strong security posture and promptly responds to security incidents.
- Conducting a continuous assessment of current IT security practices and systems and identifying areas for improvement
- Running security audits and risk assessments
- Delivering new security technology approaches and implementing next generation solutions
- Ensuring compliance and governance is met
- Protecting the intellectual property of the organization at all times
- Devising strategies and implementing IT solutions to minimize the risk of cyber-attacks
- Reviewing, analyzing and delivering data information
- Managing the IT security budget and communicating this with the appropriate parties
- Responsible for protecting organization's computers, networks, data and Privacy against threats, such as security breaches, computer viruses or attacks by cyber-criminals
- Responsible for defining all required standards, requirements, policies, procedures, device configuration documents i.e. hardening documents or MBSS, forms, guidelines, awareness, training wrt Information Security
- To become a model of good practice for the applicable legislation which it regulates and is committed to continuous improvement in this area.
- Conducting internal and certification related Information Security and Data Privacy audit for the projects and support business groups. Including VAPT tests to internal as well as public network applications and systems
- Facilitate technology, information and privacy risk assessment to all business units and maintain risk inventory repositories for the respective Business Units.
- Fulfilling the assessment and providing guidance from Segregation of Duties perspective
- Provide inputs for IT policies and facilitate enhancement for process improvements.
- To promote security awareness by developing and implementing a security awareness and training program
- To investigate suspected and actual security incidents in accordance with the security incident management standard, produce reports with recommendations and ensure any remedial action is taken. Also, responsible for submission and action for CAPA (Corrective Action and Preventive Action)
- Produce reports for the Information Security Steering Committee (ISSC), Information Asset Owners/Custodians and the Risk and Compliance Officers as required
- Become active member of CAB (Change Advisory Board) to certify and approve change requests from Information Security assessment perspective
- Respond to enquiries from staff and provide security advice as required
- Participate in vendor discussions on topics related to Information security and regulations compliance.
- Facilitate implementation of security plan in conjunction with other support functions like IT management Team, Physical Security, Human Resource Security, Facility Administration.
- Representing Management Review meetings to present Information security initiatives.
- Security - ensure continued compliance with established security and confidentiality policies
- Provide general and specific information about security risks and controls to those who need to know so that they can recognize and respond to potential incidents.
- Motivate employees, contractors, and consultants to change their behaviors and incorporate security concerns into their decision making. Improve overall compliance with the organization's information security policies, procedures, standards, and checklists
- Business Continuity and Disaster Recovery - Revise periodically as required by business and ensure continued compliance with established Business Continuity policies and procedures.
- Report on Information Security project metrics on a regular basis; collaborate with IT functional leaders to address gaps
- Completely responsible and accountable for Cyber Security, Information Security and Data Privacy health for an Organisation
- Act as backup person to Infrastructure person vice-versa
This job opening was posted long time back. It may not be active. Nor was it removed by the recruiter. Please use your discretion.