Cyber Security Specialist (Assistant Vice President)

Job Purpose:

The Assistant Vice President (AVP), Cybersecurity, Governance, Risk & Compliance is accountable for providing enterprise‑level leadership and governance oversight over LTAT's cybersecurity posture, information security governance, regulatory compliance, and cyber risk management within the technology domain.

The role serves as a key advisor to senior management and governing committees, ensuring cybersecurity risks are identified, assessed, governed, and managed in alignment with LTAT's risk appetite, regulatory obligations, and business objectives. The AVP is responsible for establishing and maintaining a robust cybersecurity governance framework, strengthening organisational resilience, and embedding security‑by‑design across digital, technology, and business initiatives managed by Information Technology Management Department (ITMD).

Key Accountabilities:

1. Enterprise Cyber Risk Management

• Establish, maintain, and continuously enhance LTAT's cybersecurity risk management framework within ITMD, aligned with organisational risk appetite and enterprise risk management principles.
• Identify, assess, prioritise, and manage cyber risks across applications, infrastructure, cloud, data, and third‑party technology environments.
• Own and maintain the cybersecurity risk register for ITMD, including risk treatment plans, mitigation actions, and residual risk tracking.
• Translate technical cyber risks into business, financial, operational, and reputational impacts to support management decision‑making.
• Lead and oversee cybersecurity incident management, including escalation, response coordination, post‑incident review, and remediation actions.

2. Cybersecurity Governance & Compliance

• Act as the owner of cybersecurity governance, policies, standards, and procedures within ITMD, aligned with recognised frameworks (e.g. NIST CSF, ISO/IEC 27001) and applicable regulatory requirements.
• Ensure consistent implementation, monitoring, and enforcement of cybersecurity controls, including governance over policy exceptions and risk acceptances.
• Lead engagement with regulators, auditors, and assurance providers on cybersecurity matters, and oversee timely closure of audit findings.
• Govern third‑party and vendor cybersecurity risks, including security requirements, assessments, and compliance monitoring.
• Prepare and present cybersecurity risk and governance reports, dashboards, and updates to IT Steering Committee (ITSC), EXCO, and relevant management forums.

3. Security Architecture, Controls & Integration

• Provide governance oversight to ensure security‑by‑design and security‑by‑default principles are embedded across systems, infrastructure, cloud platforms, and data environments.
• Collaborate with Enterprise Architecture, Digital, Infrastructure, and Application teams to ensure cybersecurity requirements are integrated into system design and technology initiatives.
• Oversee the effectiveness of cybersecurity controls and identify opportunities for optimisation, automation, and continuous improvement.

4. Security Awareness, Culture & Capability

• Define and govern LTAT's security awareness and culture strategy within ITMD, ensuring cybersecurity accountability is embedded across technology teams and stakeholders.
• Establish KPIs and effectiveness measures for security awareness and training programmes, while delegating operational delivery as appropriate.
• Promote a strong security culture that balances risk management with operational efficiency and business agility.

5. Leadership, Advisory & Stakeholder Engagement.

• Serve as a trusted advisor to senior management on cybersecurity, governance, and technology risk matters.
• Communicate complex cybersecurity issues clearly to technical and non‑technical stakeholders.
• Influence business and technology stakeholders to ensure cybersecurity supports organisational objectives.
• Lead, mentor, and develop cybersecurity governance resources within ITMD.

6. Additional Responsibilities

• Support crisis management and executive decision‑making during major cybersecurity incidents.
• Undertake additional assignments as directed by LTAT management.

Requirements:

1. Bachelor's degree in Information Security, Computer Science, Information Technology, or related discipline; or equivalent professional experience.
2. Professional certifications such as CISSP, CISM, CISA, CRISC, or equivalent are preferred.
3. Minimum 10 years of progressive experience in cybersecurity, information security, or IT governance, risk and compliance roles.
4. Experience operating in regulated or government‑linked environments.
5. Proven exposure to cybersecurity governance, audit engagement, regulatory compliance, and senior management reporting.
6. Experience with incident response, crisis management, and business continuity planning.
7. Familiarity with security technologies (e.g. SIEM, IAM, vulnerability management, cloud security) from a governance and oversight perspective.