Senior Manager - Cyber Resilience & CII (Cluster CISO Office)

Position Overview

The Cybersecurity Risk Manager performs an assessment of cyber risks associated with technology initiatives and provides recommendations on control requirements by risk, policy, and standards. The potential candidate will:

• Be familiar with cybersecurity policies, standards, protocols, and frameworks, and the organization's regulatory compliance requirements for cybersecurity. He/she also has expertise in cyber risk mitigation strategies

• Understands the organization's risk appetite and ensures risks are within acceptable levels for the management endorsement of technology initiatives

• Have a sharp, analytical mind and is able to anticipate problems and risks to mitigate them ahead of time. He/she is an excellent communicator who works well with others and promotes a cooperative working environment and relationships within and beyond his/her team

Role & Responsibilities

Critical Work Functions and Key Tasks

Conduct Cyber Risks Assessments:

• Conduct system cyber risk assessments and/or thematic assessments as per the policy-required intervals

• Provide technical recommendations on risk mitigations following the identification of vulnerabilities and risks in systems

• Document risk register by jointly working with the project team in identifying suitable risk treatment plans

• Conduct thematic assessments to review security controls/processes to identify improvement areas to be produced as a report

Security Advisory:

• Be a Security subject matter expert in guiding the project/operations teams on security matters at various project life cycle stages before and after rollout - security requirements, security design, security testing, security operations, secure disposal

• Assist project teams in security requirements specifications and security design reviews

• Provide support and advice to project teams to ensure compliance with security policy requirements

Stakeholder Reporting:

• Develop cyber risk reports

• Reporting of cyber risks to stakeholders and management

• Monitor and escalate overdue risk mitigation actions

Requirements

• Bachelor's Degree in IT or equivalent

• More than 5 years of hands-on experience in cyber defense roles

• Cybersecurity qualifications such as CISSP, CISM, CISA are preferred

• Good Knowledge/experience in NIST Cybersecurity framework implementation

• Good knowledge and experience with platform, network, and application technologies

• Good problem analysis and resolution skills

• Good influencing skills within the team, department, and across departments

• Ability to contribute through others, collaborate well across seniority, cultures, and locations

• Good written and communication skills with the ability to interact and engage with stakeholders and all levels of management

• Ability to work well under pressure and respond to tight deadlines