Group Chief Information Security Officer (CISO)

The Group Chief Information Security Officer (CISO) is responsible for defining and leading the enterprise-wide information security strategy to protect the organization's systems, data, and digital assets. As a key member of the leadership team, the CISO will oversee the development and implementation of security frameworks, policies, and operational controls, ensuring the business is resilient to current and emerging cyber threats.

• Develop and drive the organization’s information security vision, strategy, and roadmap aligned with business objectives.
• Act as a trusted advisor to senior management and the board on cybersecurity risks and resilience.
• Lead cross‑functional efforts to embed security into business operations and technology initiatives.

• Establish and maintain cybersecurity governance structures, policies, and standards.
• Ensure compliance with relevant laws, regulations, and industry standards.
• Oversee enterprise risk management processes related to information security, including third‑party/vendor risk.

• Manage day‑to‑day security operations including threat detection, incident response, and vulnerability management.
• Lead investigations into security incidents and coordinate containment, remediation, and root cause analysis.
• Continuously improve the organization’s incident response capability and playbooks.

• Partner with IT and digital teams to ensure security is built into systems, platforms, and applications.
• Evaluate and implement cybersecurity tools and services to enhance the organization’s defense capabilities.
• Provide oversight on the secure adoption of new technologies, including cloud, mobile, and remote access.

• Build, mentor, and lead a capable in‑house cybersecurity team.
• Define team structure, roles, and career development plans.
• Promote a culture of accountability, collaboration, and continuous improvement.

• Drive organization‑wide security awareness and training programs.
• Engage business and functional leaders to ensure security considerations are integrated into decision‑making.
• Foster a risk‑aware culture across all levels of the organization.

• Bachelor’s or Master’s degree in Information Security, Computer Science, or a related discipline.
• Recognized security certifications such as CISSP, CISM, or equivalent.
• At least 12‑15 years of experience in information security, with 5+ years in a senior leadership capacity.
• Strong understanding of security governance, operations, risk management, and compliance.
• Proven ability to communicate and influence effectively at the senior management and board levels.

If you’re interested to apply or find out more, please share your CV or reach out to Chen Yi at cy@kerryconsulting.com for a discussion. Due to anticipated high volume of applications, we regret to inform that only shortlisted candidates will be notified.

Reg: R1876389

Lic: 16S8060