Head of Cyber Security

Qualifications:

Summary:

The Cyber Security Manager is responsible for planning, implementing, and managing the overall cyber security strategy for Johor Plantations Group Berhad. This role will play a crucial part in protecting the company's sensitive data, critical infrastructure (including IoT devices and industrial control systems), and reputation from cyber threats. The ideal candidate will have a strong understanding of cyber security frameworks, risk management, incident response.

Education:

• Bachelor’s or Master’s degree in Computer Science, Information Security, or a related field.

Experience:

• More than 5 years of experience in cyber security, with at least 2 years in a management role.
• Proven track record in assurance for IT operations and compliance activities.
• Experience with security technologies such as firewalls, IDS/IPS, endpoint detection and response (EDR), SIEM, and vulnerability scanners.
• Experience in securing OT/ICS environments is highly desirable.
• Knowledge of SCADA systems, PLC security and experience with securing IoT devices used in agriculture (e.g., sensors, drones) is highly desirable.

Certification:

• Relevant certifications such as CISSP, CISM, or GIAC are preferred.
• Additional certifications such as ISO/IEC 27001.

Skills:

• Strong understanding of cyber security frameworks (NIST, ISO 27001) and best practices.
• Knowledge of cyber security regulations and compliance requirements.
• Excellent communication, interpersonal, and leadership skills.
• Understanding of the unique security challenges faced by plantation companies (e.g., remote locations, limited connectivity).
• Ability to work with a diverse workforce, including those with limited technical skills.

Key Responsibilities:

• Develop and Implement Security Strategy: Design, implement, and maintain a comprehensive cyber security program aligned with industry best practices (NIST, ISO 27001, etc.) and business objectives. Conduct regular risk assessments to identify vulnerabilities and threats to company systems and data.
• Develop and enforce security policies, procedures, and standards. Stay informed about emerging cyber security threats and vulnerabilities relevant to the plantation industry (e.g., smart agriculture, supply chain threats).
• Secure Infrastructure and Operations: Oversee the deployment and management of security tools such as firewalls, intrusion detection/prevention systems, endpoint protection, and security information and event management (SIEM) systems. Secure operational technology (OT) and industrial control systems (ICS) used in plantation operations. Manage security for cloud-based infrastructure and applications. Ensure proper access controls are in place for all systems and data.
• Incident Response and Recovery: Develop and maintain an incident response plan to address cyber security incidents effectively. Lead incident response efforts, including investigation, containment, eradication, and recovery. Conduct post-incident analysis to identify root causes and improve security posture.
• Compliance and Training: Ensure compliance with relevant cyber security regulations and standards. Develop and deliver security awareness training programs for employees on topics such as phishing, social engineering, and password security.
• Third-Party Risk Management: Assess and manage the security risks associated with third-party vendors and partners. Ensure that security requirements are included in contracts with vendors.
• Continuous Improvement: Regularly review and update the cyber security program to adapt to changing threats and business needs. Proactively identify and implement security enhancements.

Work Environment:

• Collaborative Culture: Work closely with diverse teams across Digital Core Solution and Digital Infrastructure departments to ensure cohesive governance practices.
• Innovative Environment: Be part of a forward-thinking organization that values continuous improvement and technological innovation.
• Professional Growth: Opportunities for ongoing training, certification, and development in digital governance, IT audit, and related areas.
• Dynamic Challenges: Engage with complex, real-world challenges in IT governance and audit processes, contributing to meaningful improvements in the digital landscape.
• Hybrid Work Opportunities: Flexible working arrangements to balance in-office collaboration and remote productivity.
• High-Impact Role: Directly contribute to enhancing organizational compliance, security, and efficiency within the digital ecosystem.
• Supportive Leadership: Benefit from a leadership team that prioritizes transparency, accountability, and mentorship.