Head Cybersecurity

Role –

Head of IT CyberSecurity

Job Location-

Malaysia, KL

Experience –

20+ Years

Context:

The Head of Information Technology (IT) Security will be responsible for developing, implementing, and monitoring a strategic, comprehensive enterprise cybersecurity and IT risk management program. The Head, IT Security will provide the vision and leadership necessary to manage the risk to the organization and will ensure business alignment, effective governance, system and product availability, integrity, and confidentiality. This position reports to the Chief Information Officer (CIO). The role requires an in-depth understanding of information security, technology architecture, and business security.

RESPONSIBILITIES:

• Provide strategic direction for IT data and cybersecurity protection, oversee technology governance and policies.
• Develop IT security strategy, security awareness programs, security architecture, and incident response plans.
• Offer strategic risk guidance for IT projects, including evaluation and recommendation of technical controls.
• Educate leadership on security risks and mitigation strategies.
• Collaborate with IT and compliance teams, coordinate audits to ensure adherence to laws, regulations, and policies.
• Maintain and publish security policies, standards, and guidelines; oversee training and dissemination of security practices.
• Evaluate emerging cybersecurity threats and IT trends, develop effective security controls, and oversee awareness programs.
• Develop and oversee disaster recovery policies aligned with business continuity goals, coordinate implementation plans, and provide support during incidents.
• Provide guidance on new security tools and manage licenses effectively.
• Evaluate potential security breaches, coordinate responses, and recommend corrective actions.
• Supervise staff performance and define security metrics for reporting.
• Lead projects, ensuring objectives align with policies, procedures, and standards, including regulatory compliance.
• Stay informed on industry and regulatory trends relevant to enterprise technology.
• Provide risk-based direction for system enhancements aligned with the firm's strategy.
• Drive continuous improvement in the security function.
• Deep understanding of security frameworks such as ISO 27001, SANS CSC, NIST, CSA, DPA, GDPR, PCI-DSS, OWASP.

Experience:

• Minimum of ten (10) years in a related field.
• Certified Information Security Manager (CISM) or CISSP certification required.
• Knowledge of ITIL and security governance in a multi-platform environment.
• Experience in establishing cybersecurity and risk metrics.
• Strong emotional intelligence and leadership skills in large organizations.
• Management experience including budgeting, policy development, personnel administration, and staff training.
• Effective communication skills and ability to work with diverse groups.