Main Responsibility Areas:
Security process lifecycle management
Governance, Compliance & Risk Management
Security in Business continuity & Resiliency Management
Data protection & Privacy
Key Tasks:
Create and review policy standards and strategies to ensure procedures and guidelines comply with cybersecurity frameworks, standards & industry benchmarks.
Participate in the security governance process to provide input on security risks, mitigations, and other technical risks.
Determine the information security approach and operating model in consultation with stakeholders and aligned with the risk management approach and compliance monitoring of risk areas.
Assess security controls and their effectiveness based on cybersecurity principles and tenets (e.g. NIST CSF, ISO27001, ITU-T X.805, NIST SP 800-53 etc.).
Perform risk analysis (e.g., threat, vulnerability, and the probability of occurrence) and apply a risk management framework.
Provide regular reporting of the security program to relevant stakeholders
Understand and interact with related disciplines to ensure the consistent application of policies and standards across all Security Governance, Risk & Compliance Management Services.
Facilitate security risk, legal and regulatory assessments, including the reporting and oversight of treatment efforts to address negative findings.
Perform review & analysis with stakeholders to help establish the lessons learnt, create & update new / existing processes & procedures to mature the Security Governance, Risk & Compliance Management Services.
Support in preparing authorization and assurance documents to confirm that the level of risk is within acceptable limits for each application, system, and network.
Ensure that plans of actions and milestones or remediation plans are in place for vulnerabilities identified during risk assessments, audits, inspections, etc.
Continuously validate the organization against policies / guidelines / procedures / regulations / laws to ensure compliance for necessary audit & compliance activities
Qualifications Key Competencies: