Manager (Cyber Security Controls & Governance)

The role's primary function is to manage and implement cyber security controls and governance across the group, provide consultancy and drive (or support where appropriate) key cyber security transformation initiatives that deliver outcomes essential for PETRONAS to achieve its cyber risk posture. The successful candidate should be well versed in multiple cyber security domains (technical and governance), with proven results in embedding industry best practices in aspects of cyber security governance, policy, standards, guidelines, procedures, processes, and tools. Effective collaboration with various stakeholders in cyber security and other subject matter experts is crucial to the role's success.

Qualification/Experience Required

1. A degree in Computer Science, Engineering, Mathematics, or a related discipline from recognized institutions.
2. Experience of 8-10 years in assessing risk related areas, with digitization of industrial processes advantageous.
3. 5-8 years experience in a hands-on technical role in Information or Cyber Security.
4. Candidates with strong domain expertise in Operational Technology (OT), Application Development or any digital / technology discipline may be considered.
5. Fundamental knowledge in cyber security governances, guidelines, risks and compliance.
6. Ability to integrate both risk and cyber security as part of the overall design validation and assurance landscape for large organization.
7. Experience or knowledge of risk assessments in Oil & Gas industry is advantageous.
8. Strong verbal and written English communication skill is necessary.
9. High proficiency in stakeholder management skill as the role requires significant collaboration and influencing across different organization levels and disciplines to achieve common goals.
10. Desirable to have related Information/Technology/Cyber Security certifications.

Major Challenges

1. Senior Leadership stakeholder business direction with their buy-In and alignment to Cyber Security Strategy.
2. Driving and engaging multiple internal or external stakeholders to deliver outcomes essential for the enterprise to achieve its cyber risk posture, taking into account the needs of Cyber Security, Business and applicable laws and regulations.
3. Interdependencies on business change, legal and regulatory requirements, and other departmental programme alignment.
4. Rapid evolution on Cyber Security threat landscape and organisational awareness on cyber security.
5. Complexity and breadth of IT and OT, and quickly adapt to evolving technologies, rapidly evolving threat landscape, evolving business landscape, domestic and international coverage.

Key Accountabilities

1. Governance and Controls

Identify, assess, develop, implement, and ensure cyber security related policies, standards, guidelines, procedures, controls and governance are adopted and understood broadly and particularly within own area of remit to ensure standardization of practices in safeguarding PETRONAS assets.

2. Operational Excellence

Launches policies within own area of remit and educate the user community to structurally adopt cyber security policies, standards, guidelines, procedures, and controls and comply against them.

3. Risk Remediation & Execution Drive and monitor the implementation of policies, standards, guidelines, procedures, and controls within own area of remit, to ensure effective governance within the PETRONAS Group. Review and assess relevant industry, laws and regulations, and internal policies, standards, guidelines, procedures, controls, and governance and identify applicability for PETRONAS particularly within own area of remit.

4. Business Change and Communication Management

Influence change and awareness of cyber policies to PETRONAS Group wide. Develop and deploy change and training initiatives to embed and maintain effective policies, standards, guidelines, procedures, and controls particularly within own area of remit.

5. Risk Analysis & Reporting

Determine need for new or changed policies, standards, guidelines, procedures, controls, and governance in response to changes in technology, business landscape, risk appetite, threat landscape and Regulatory environment and particularly within own area of remit.

6. Risk Posturing

Identify relevant evolution of industry and internal policies, standards, guidelines, procedures, controls, and governance within own area of remit and recommend appropriate responses for PETRONAS in context of changes in technology, business landscape, risk appetite, threat landscape and Regulatory environment.

Note: Only shortlisted candidates will be contacted