Develop and manage the Cyber Security strategy within company and ensure establishment of related preventative controls, solutions and programs to manage and prevent Cyber Security risks within company, that are supported by the necessary policies and procedures that align to the Group IT Security Risk Policy.
Critical objectives and responsibilities:
- Design and develop strategies and tools to enhance audit efficiency and effectiveness leveraging IT industry expertise; applying relevant information security frameworks and best practices (for example ISO 27001/2, NIST, COBIT, OWASP Top 10, etc.) in areas of high complexity and emerging technologies.
- Manage and lead the IS Cyber Security process including adherence to policy, procedures and standards across the business and aligned where fit-for-purpose to Group InfoSec strategy.
- Manage or conduct assessments and reviews of IT processes and recommend actions for improving IT governance maturity using reference frameworks such as ISO 27001 or ITIL.
- Operate and maintain the Information Security Management System (ISMS) of IT services based on ISO27001.
- Plan and implement ISMS in key business functions.
- Manage Information Security policy and procedure documents, including but not limited to incident response, IT security policy, segregation of roles and responsibilities, audit plans, methodology, risk register etc.
- Maintain compliance with accreditations / certifications such as ISO27001 (e.g. surveillance and re-certification audits).
- Assist in compliance with policies and all applicable external regulations as required.
- Oversee security awareness program at organisational level including the InfoSec training programs for employees and work towards continuous improvement of the function.
- Provide reports to top and senior management for review of cyber security trends, stats and product performance.
- Lead development and implementation of the Cyber Strategy for company by identifying cyber risks threatening accomplishment of business objectives; determining the severity of risks with regard to likelihood of occurrence and business impact; developing audit tests to assess the effectiveness of controls; and continually improving company cyber posture.
- Ensure controls such as vulnerability assessment, penetration testing, identity and access management, web application security, secure network architecture, data protection and internet networking in general (i.e. TCP/IP, DNS, routing, etc.) are in place, measured against applicable risk metrics and reported on.
Minimum Requirements:
Experience, knowledge & skills required
- Relevant degree in Information Technology (IT) or Systems.
- Certified Information Security Manager (CISM), CRISC, CISSP and / or CISA would be advantageous.
- 8 – 10 years’ experience in leading an Information Technology team in the design, development and / or maintenance of technology solutions within the General Insurance or financial services Industries.
- 5 – 8 years’ experience of InfoSec and / or IT Security audits with experience within the Financial Services industry.
- Knowledge of COBIT and ITIL is essential.
Desired Skills:
- Cyber Security
- Firewall configuration
- ISO27001