Main Job Responsibilities:
- Serve as the deputy lead in the absence of the Director, Client Information Security Lead function and team management to ensure the success of the client information security program.
- Collaborate with NCS Project & Quality teams and provide security consulting and advisory on security technology, security best practice and regulatory compliance.
- Act as a cyber security incident response advisor on potential security matters.
- Responsible for ensuring the account's cybersecurity controls are in compliance with the Group's Cyber Security policies, standards, and guidelines, as well as the relevant regulatory requirements.
- Administer compliance with policies and standards through ongoing compliance assessments, audits and ad-hoc reviews.
- Develop account security scorecard and risk register report to facilitate management oversight and call out any potential cyber security risk.
- Partner with internal and external audit teams to manage effective audits from a compliance & point-in-time perspective, to a risk-driven, continuous proactive compliance approach.
- Serve as a senior security liaison officer across lines of business and accounts.
The ideal candidate should possess:
- Minimum of a Degree/Diploma or higher in Computer Science, Information Systems or equivalent
- At least one security certification is preferred, such as Certified Information Security Management (CISM), Certified Risk Information Security Control (CRISC), or Certified Information Systems Security Professional (CISSP)
- At least 10 years of experience in IT Risk Management, Governance or Compliance.
- Understanding of control and risk management concepts including control testing, risk assessments, risk treatment and third-party risk.
- Knowledge of risk management policies, methods, standards, processes, governance models, and both quantitative and qualitative risk analysis approaches.
- Knowledge of common information security management frameworks, such as ISO 27001-5, COBIT and NIST, including 800-53 and the Cybersecurity Framework.
- Senior stakeholder management and working across various parts of the organization.
- At least 5 years of experience in managing a cyber security or IT risk function within an organization, with 3 years of experience in Enterprise IT or Cyber Operations.
- Strong communication skills, both written and verbal
- Technical hands-on experience in both cyber security and information security.
- Good understanding of the following areas: DCM/DR, Platform Security, Data Security, Network Security, Physical Security, Security Assessment Tools, Security Monitoring Tools.