Develop and implement cybersecurity strategies, governance frameworks, risk management approaches, standards, and best practices across the organisation.
Lead the organisation's ISMS (ISO/IEC 27001) implementation programme, including risk assessment, gap analysis, documentation, internal audit coordination, and readiness for certification and recertification.
Lead and coordinate cybersecurity operations activities, including security monitoring, vulnerability management, threat intelligence, and incident response escalation to ensure the organisation is equipped with proactive and updated security operations that can detect, prevent, and respond to cyber threats effectively.
Review and maintain cybersecurity policies, standards, and procedures, ensuring alignment with regulatory requirements (e.g., Cyber Security Act 2024, MHA, NCII sector requirements).
Perform and support cybersecurity risk assessments, recommending mitigation or acceptance plans to ensure secure operation of systems and digital platforms.
Coordinate with internal IT team, vendors, concessionaires, and project teams to embed cybersecurity-by-design in all technology initiatives and digital platforms.
Manage cybersecurity-related projects and initiatives, ensuring timelines, deliverables, and compliance requirements are met.
Plan and respond to cybersecurity incidents, including root-cause analysis, documentation, post-incident reviews, and implementation of improvement plans.
Maintain oversight of security tools and solutions (XDR, SIEM, PAM, ZTNA, etc.), ensuring effective utilisation, monitoring, and compliance with operational procedures.
Facilitate cybersecurity awareness programmes, training, and stakeholder engagement.
Act as Deputy to the Head of Cybersecurity when required.
Manage cybersecurity vendors, service providers, and related contracts.
Collaborate with relevant internal stakeholders e.g. internal IT team, Risk etc. on cyber resilience initiatives such as Business Continuity Planning (BCP) and Disaster Recovery (DR) planning and testing.
Requirements:
Bachelor's Degree in Computer Science/ Engineering/ Information Technology or with equivalent experience.
At least 8 years of working experience in Cybersecurity/ Infrastructure role.
