Develop and maintain cyber security policies, procedures and standards in alignment with industry frameworks (e.g. ISO 27001, NIST Cyber Security Framework).
Identify, assess and document cyber security risks to the organization - develop and maintain risk registers and implement mitigation strategies.
Ensure the organization's adherence to relevant regulations, standards and frameworks (e.g. PDPC); conduct regular compliance audits and provide recommendations for remediation.
Collaborate with incident response teams to establish protocols for managing and reporting cyber security incidents.
Act as a liaison between technical teams and business units to align cyber security practices with organizational goals.
Requirements
Degree in Cyber Security, Information Technology or a related field, ideally with at least 3 years of relevant experience in a cyber security or GRC-related role.
Good working knowledge of security risk management, security governance frameworks and compliance, vulnerability management (vulnerability assessment, penetration testing), security incident response and security assessment.
Strong understanding of the ISO 27001 standards and the NIST Cyber Security Framework.
Strong understanding of Disaster Recovery, Business Continuity and IT Regulatory Compliance.
Professional certifications, e.g. CGRC (ISC2) and CRISC (ISACA), would be an added advantage.