Cyber Security Head

The Cyber Security Head ensures that the Information Security Policies, Standards, and Procedures are aligned with industry best practices for enterprise security and security standards governing Industrial Control Systems. Given the industry practices and the risk landscape of the organization, he/she will initiate the planning for security projects and initiatives, and will provide oversight functions to ensure that resources needed to implement the information security projects and initiatives are adequately available.

He/she should be knowledgeable on various protective technologies that are needed to strengthen the security posture of the company. He/she will report in a timely manner all information security related issues, risks, and findings to the Chief Information Security Officer (CISO). He/she must also implement directives within agreed timelines and expected quality of output.
Further, he/she will support the internal audit for Information Security and will also provide support for external audits, data privacy audits, and compliance checks. He/she will also prepare compliance reports and track action plans.

GENERAL RESPONSIBILITIES

• Manage the overall activities in information security governance team ensuring the deliverables are completed within timelines and within expected quality

• Make proactive action in identifying the risks and propose areas for improvement to the Group CISO and to the Senior Management Team of the company

• Lead the establishment of the functional and technical information security policies, standards/guidelines and procedures and ensure its effective implementation across business units

• Lead the development of the Information Security Awareness Plan and ensure its operationalization across the company.

• Establish KPIs to effectively gauge information security implementation

• Review and analyze how new security solutions and processes can streamline existing solution sets, ensuring a unified and cohesive security architecture

• Lead the conduct of Information Security Risk Assessments and audits to various business groups

• Manage projects and ensure that risks are identified and mitigated to ensure completion within agreed timelines

• Mentor the team members to have a solid understanding on applicable information security standards and educate them on how to carry out audits and risk assessments

• Provide timely update and escalation of security issues, risks and findings to the CISO

• Work with the CISO on monitoring the budget for Information Security Group

TECHNICAL COMPETENCIES

• Highly knowledgeable in ISO27000, PH DPA, BSP Circulars on Information Security, COBIT, NIST and SANS

• Highly knowledgeable in ISMS Audits and Risks Assessments

• Knowledge on Payment Card Industry Data Security Standard (PCIDSS)

• Knowledge in Project Management Knowledge Areas and Principles

• Knowledge in endpoint security configuration

• Knowledge on Application and Network Security

• Knowledge in cloud technologies such as AWS, Azure

• Knowledge in Threat Analysis

• Knowledge in System Development Lifecycle methodologies such as Waterfall, Iterative and Agile

• Knowledge on Enterprise Security Architecture

QUALIFICATIONS

• Bachelors degree in Computer Science, Information Technology, Business-related course or its equivalent

• At least 7 years of relevant work experience in implementing information security program, assurance and solution set

• ISACA or ISC2 Certification is a must

• Has excellent business communication skills

• Has experience in project management