Job Purpose:
Responsible for ensuring the Group's proactive defense and resilience against cyber, cloud, and emerging technology risks. Executes the GCISO's strategic direction through incident response, vulnerability management, and continuous threat monitoring, safeguarding the confidentiality, integrity, and availability of information assets.
Key Responsibilities:
Core Responsibilities
- Support GCISO in advising on the Group's IT & cyber security strategic plans to ensure alignment with the risk appetite, business objectives, and overall strategy, and deliver the Group's technology risk profile to Management and Board Committees to safeguard the confidentiality, integrity, and availability of information assets.
- Execute technology risk management activities by applying Group‑wide policies, standards, and controls, ensuring consistent implementation across all domains and compliant alignment with the Group's IT & cyber security risk appetite and regulatory requirements.
- Support regulatory requirements by conducting gap analyses and/or providing advisory input on IT and cyber security matters, ensuring that compliance gaps are identified and corrective measures are tracked to closure.
- Conduct independent risk assessments, thematic reviews, and due diligence to evaluate and mitigate technology and cyber risks.
- Maintain and update the IT risk register to ensure transparent, accurate, and timely capture of cyber risk factors for reporting and oversight.
- Lead, advise and provide guidance to the team members in the planning, execution and completion of all technology risk reviews/tasks assigned to the team.
Functional Responsibilities
- Conduct end‑to‑end assessments focusing on cyber security, cloud, and emerging technology risk, delivering thorough evaluations across IT and cyber domains.
- Monitor, assess and provide mitigation controls on threat intelligence alerts and advisories from regulators, cybersecurity vendors and other trusted sources.
- Perform research on emerging cyber threats, assessing the possible impact and recommending appropriate controls to mitigate the threats, and escalate significant findings to relevant stakeholders.
- Evaluate IT risk across internal projects and third‑party engagements, ensure security controls are integrated, and provide independent risk input and assessments for major technology initiatives and vendor activities.
- Perform scenario analyses for the cyber drill exercise to assess potential cyber events with clear and evidence‑based outcomes.
- Coordinate incident response activities, ensuring efficient and dependable investigations and follow-ups.
- Facilitate forums on emerging threats, providing collaborative and actionable recommendations.
- Manage vulnerability findings by tracking open issues, advising on remediation or approved deviations, and ensuring transparent reporting of status and closure progress.
Requirements:
Experience/Skills
- At least 5 years of experience in IT risk management, information technology and information security.
- A recognized degree in Computer Science or an equivalent technical degree.
- Appropriately certified in CISM or an equivalent certification.
- Fluent English, spoken and written.
- Ability to communicate effectively.
- Considerable knowledge and experience of best practices in technology risk.
- High degree of personal commitment and interpersonal skills, with clear strategic vision and proven communication and supervisory skills.
- Ability to work under pressure and respond to tight deadlines.
Knowledge
- Competence in the use of standard Microsoft Office Suite applications.
- Experience in desktop management and cyber risk/security management policies.
- In-depth knowledge of industry-standard technologies and of information and cyber risk/security management.
- Hands-on experience in information technology and risk assessment.
- Process knowledge of regulatory supervision of technology.