Summary
This role leads enterprise cyber security operations, governance, and strategic initiatives to protect the organisation's digital assets and ensure regulatory and framework compliance. The incumbent oversees SecOps execution, cyber risk management, policy and standards development, vendor and MSSP management, and organisation-wide cyber readiness through audits, tabletop exercises, and awareness programs. Working closely with business and technology stakeholders, the role ensures cyber security controls, cloud security standards, and incident response capabilities are aligned with business objectives, resilience requirements, and senior leadership reporting needs.
Responsibilities
SecOps (50%)
- Review, approve, prioritize, and submit operational requirements for research, development, and/or acquisition of cyber capabilities.
- Provide input to the identification of cyber-related success criteria.
- Collaborate with stakeholders to establish the enterprise continuity of operations program, strategy, and mission assurance.
- Develop cyber operations plans and guidance to ensure that execution and resource allocation decisions align with organizational objectives.
- Ensure the effective transition of operational planning efforts to operations.
- Manage cyber security vendors and MSSPs.
- Manage cyber security attestation, assess impact, and provide responses to cyber threats, incidents, and remediation efforts.
- Collect and maintain data needed to meet system cybersecurity reporting to senior leadership.
Cyber Governance (40%)
- Conduct information security risk assessments for new projects and existing systems to ensure they align with cyber security policies.
- Manage security audits, assess the impact and provide responses to cyber threats, incidents and remediation efforts.
- Engage information system stakeholders to communicate cyber security risk issues and provide advisory on a risk mitigation plan.
- Establish cyber policies and standards to address issues of importance to Certis across Business Units.
- Codify and implement corporate-wide cyber awareness exercises through phishing red-teaming exercises.
- Work with business stakeholders to conduct table-top exercises and draw up cyber security strategies.
- Lead the data security program to inform permissible use(s) and required protections for different types of information.
Cyber Projects or Initiatives (10%)
- Take part in cyber projects or initiatives to fortify cybersecurity controls.
Requirements
- A team player and a great collaborator with a firm commitment to the team's success.
- Self-motivated with strong interpersonal and stakeholder management skills.
- Possesses a growth mindset.
- Bachelor's degree in a related area and/or equivalent experience in cyber security training, e.g. CISSP.
- Exposure to IT risk assessment or technology audit work, including enterprise IT security, cyber security and/or cloud security services, e.g. AWS, Azure.
- Preferably possess 3-5 years of experience in deploying and supporting IT back-end operations such as applications, network infrastructure, database and/or systems servers.
- Strong ability to understand both IT and business processes.
- Strong knowledge of and experience with cloud security standards and cybersecurity frameworks such as NIST, ISO27001, CSA Security-by-Design, the Personal Data Protection Act and Essential 8 are essential.
- Up-to-date knowledge of cyber security technologies and standards. Operational knowledge of and experience in SIEM and SOAR would be ideal.