Cybersecurity Governance Head

JOB SUMMARY

As the Head of Cybersecurity Governance team
, and the position will lead in ensuring the execution of pillar strategic initiatives and running daily operations, which include the following:

• Policies, Standards, Process and Compliance
• Supply Chain Cyber Risk
• Awareness, Training and Adoption
• Business and Asset Protection

General Responsibilities:

On Policies, Standards, Process and Compliance Management:

• Manage, test and continuously benchmark internal cybersecurity processes and identify improvements and achieve higher capability maturity
• Validate security control self-assessment of process owners/stakeholders, and pursue remediation of identified gaps
• Perform audit of the company's compliance with ISO 27001 practices
• Collaborate with DPO, Internal and External Audit to pursue closure of identified compliance gaps
• Keep abreast of regulatory developments within or outside the company as well as evolving best practices in compliance control.
• Assess, facilitate, and manage process involving cybersecurity policy violations committed by employees and contractors. This includes issuance of Notice to Explain for errant parties.
• Respond to Cybersecurity questionnaires, in relation to Insurance application or other external assessment requirements, to baseline or benchmark the security risk posture of the company
• Review and calibrate, as needed, the Violations and Table of Penalties based on observed non-compliance incidents
• Issue Memorandums to concerned stakeholders on their non-compliance with security directives
• Assist in the preparation of Memorandums to internal stakeholders (asset/process owners and custodians) to ensure compliance with committed deadline to auditors

On User Awareness, Learning and Adoption:

• Establish, design, and implement cybersecurity user awareness campaigns, learning programs, communications and user adoption for new capabilities
• Work with the Supply Chain Cyber Risk team in implementing cybersecurity e-learning programs for the third-party partners

On Supply Chain Cyber Risk:

Ensure that cybersecurity clauses are included on all third-party contracts

• Review third-party contracts and ensure that cybersecurity requirements of the organization are properly represented
• Assess and conduct audit of third-party partners on company cybersecurity practices
• Conduct assessment of third parties' security posture as requirement for renewal/extension of engagement
• Implement systems to continually assess, quantify, and report third-party cyber risk exposure
• Manage the development, communication and implementation of supply chain security risk assessment

On Business and Asset Protection:

• Perform periodic passive and active discovery of assets
• Establish inventory of known devices, systems, software platforms, and data sources
• Build and maintain an asset portfolio for centralized management and control
• Identify orphaned assets
• Establish clear asset ownership and custodianship
• Work with ICTT and Network to maintain and update the asset register
• Define and enforce the implementation of adequate cyber controls for the risks prioritizing resources based on asset classification, criticality, and business value
• Provide support on vulnerability and remediation management programs, administration and operational tasks
• Improve the cyber maturity and compliance standing of business clusters

QUALIFICATIONS:

• Must be a lawyer
• With at least 15 years work experience in IT, Cybersecurity or equivalent
• With training and certification on IT and/ or Cybersecurity
• Has excellent communication and presentation skills
• Holder of relevant certifications, such as PMP, ITIL, CRISC, CIAM, CISSP CISA, etc. is preferred