Overview
The employment will be on a contractual basis for three years, which may be renewed at the discretion of the Management based on the company’s requirement and the individual’s performance.
Qualification & Experience:
Bachelor's in Computer Science with 10 years of experience, or MCS with at least 09 years of experience. Cyber security or a related field preferred. Certifications in relevant Security and Compliance (CISA, CRISC, CISSP, etc.) preferred.
Responsibilities
- Lead the development / implementation of the system-wide risk management function of the information security program to ensure information security risks are identified & monitored.
- Advance the design, delivery, and performance of IT risk metrics and reporting including the Business Impact Assessment, IT Risk Management Framework, and the management of configurations and standards.
- Internally assess, evaluate and make recommendations to management regarding the adequacy of the security controls and the risks involved for the organization's information and technology systems.
- Lead the system-wide information security compliance program, ensuring IT activities, processes, and procedures meet defined requirements, policies and regulations.
- Lead enterprise, network, application, and cloud infrastructure risk assessments while maintaining process and procedural documentation.
- Manage third-party risk assessments and ongoing monitoring activities for IT vendors.
- Coordinate and track all IT Risks, information technology and security related assessments including scope of assessment, parties involved, timelines, and outcomes.
- Must be able to assess computer hardware, software, and systems for security risks or violations and work with staff and technology vendors to recommend solutions.
- Develop strategies to address awareness and training for all stakeholders as well as technical solutions.
- Manage a dynamic team while helping them grow in their positions and keeping them motivated and informed of the organization's direction.
- Provide insight and guidance to IT processes and projects to ensure best practices and security standards are maintained.
- Recommend programmatic and technical directions and operate with a high degree of independence in matters relating to the investigation, impact, and analysis of security incidents, decisions regarding risk, and measures for computer and network security.
- Operate with a high degree of independence with regard to project management activities, including development of project plans and budget/resource estimates.
- Excellent knowledge and experience of information security, audit, risk management, compliance or risk consulting.
- Knowledge and experience of securing network technologies, client, and server operating systems.
- Must be well versed with laws and guidelines affecting Energy / utility entities.
- Experience responding to, analyzing and communicating information security incidents.
- Excellent written and verbal communication skills.
- Excellent interpersonal, communication, and presentation skills, including formal report writing experience.
Copyright (c) 2018-2025 Sui Southern Gas Company Limited. All Rights Reserved.