The Head Cybersecurity provides leadership for the organization within the information security sphere through development of appropriate cyber security strategies and action plans.
You will be responsible for defining the cyber-security and data protection master plan by coordinating the technology roadmap for SPH Media's products and services, supporting solutioning strategies and cultivating internal and external partnerships with the aim of developing the security community.
You will ensure that security is well-considered in our product development journey to align to the company policies and standards, as well as industry best practices. You will also be responsible for the planning, development and implementation of information security strategies and related policies.
You will be responsible for managing risk and providing controls and compliance guidance, aligning information security and information risk management strategy with business strategy and concurrently overseeing the organisation's security risk management plan.
Besides the CISO role, you will also play the role of CDPO, crafting, revising, and implementing policies. You will be the contact point on all matters relating to PDPA, handling complaints on PDPA and privacy matters, including ensuring adherence to PDPA and to our Privacy Policy & PDPA Manual and PDPA Ticketing System (including any revamp to the system due to business or legal requirements), and liaising with PDPC, complainants and our management (including top management) about PDPA matters, especially when there are alleged or actual data breaches. You will also chair PDSC meetings.
Responsibilities:
Leadership and Strategy:
- Develop and execute a comprehensive cyber security strategy aligned with the organization's goals and regulatory requirements.
- Lead, mentor, and manage a high-performing team of security professionals, ensuring continuous professional development and fostering a collaborative environment.
- Work with senior leadership to define and maintain the organization's risk posture, ensuring that it aligns with business objectives and compliance standards.
- Manage and oversee the enterprise's cyber security governance, risk management, and compliance frameworks.
Cyber Security Operations:
- Work with Infrastructure teams on the design, implementation, and maintenance of security solutions, including firewalls, intrusion detection systems, encryption technologies, and identity management systems.
- Ensure the timely and effective response to security incidents, including conducting root cause analysis, developing mitigation plans, and leading incident response activities.
- Establish and refine processes for proactive monitoring and threat detection, working closely with security operations centers (SOCs) and other internal teams.
Risk Management and Compliance:
- Manage risk assessments and vulnerability management processes, including risk identification, evaluation, and mitigation strategies.
- Stay up-to-date with evolving regulations and industry standards (e.g., GDPR, HIPAA, ISO 27001, NIST) and ensure the organization's compliance with applicable laws.
- Develop and maintain security policies, standards, and procedures, and ensure they are adhered to across the enterprise.
Cyber Threat Intelligence:
- Lead efforts to continuously monitor the threat landscape and provide timely insights on emerging threats and vulnerabilities.
- Build relationships with external stakeholders, including threat intelligence sharing communities, government agencies, and security vendors, to strengthen organizational defenses.
Business Continuity and Disaster Recovery:
- Develop and manage business continuity and disaster recovery plans in the event of a security incident or breach.
- Lead the execution of incident response drills, ensuring preparedness for potential security events.
Collaboration and Communication:
- Serve as a key advisor to senior management and executives on cyber security risk and strategic decisions.
- Educate and raise awareness across the organization on security best practices, security policies, and regulatory compliance.
- Ensure cross-functional collaboration between IT, legal, compliance, and business units to manage cyber security risks effectively.
Required Qualifications / Competencies / Skills / Knowledge
- At least 10 years of management experience related to information security and working knowledge of ICT operations, security policies and procedures.
- Strong leadership skills with a proven ability to drive change and influence cross-functional teams.
- Extensive knowledge of security architecture, security operations, cloud security, endpoint security, and threat intelligence.
- Strong knowledge of risk management and sound business practices.
- Comfortable interacting with senior management and discussing critical issues.
- Ability to work with a cross-functional, multi-disciplined team to formulate, institute and monitor security policies and procedures.
- Good understanding of both IT and business processes and the relationship between them.
- Strong knowledge of risk management and compliance standards, including but not limited to ISO 27001, NIST, SOC 2, and GDPR.
- Proven experience in leading incident response, threat management, and crisis management. Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA) or Certified Information Security Manager (CISM) certification is preferred.
- Any additional cloud or platform-specific security certifications (e.g., AWS Certified Security Specialty, Microsoft Certified: Azure Security Engineer, etc.) are a plus.