Senior Manager, IT GRC & Cybersecurity Program Mgt
The IT Governance, Risk & Compliance (GRC) & Program Management role is responsible for the planning, execution and monitoring of the GRC function of the CIO office and for managing cybersecurity programs.
Responsibilities
- All IT audit & compliance planning & scheduling, execution, reporting, remediation, risk assessment, review & monitoring for the whole of IS division, including but not limited to the Compliance Audit of Financial Statement Reporting by the appointed CPA firm, the internal audit, and other audit & assurance plans of StarHub
- Govern the key risk items/initiatives to mitigate the risk to an acceptable level, including IT functionalities and other Biz Unit functionalities where substantial IT effort & investment is or could be involved
- Drive the efficiency & effectiveness of the IT GRC functionalities by process simplification, and continuous review and improvement on its operation
- Provide timely advice to IS management on significant IT risk, for timely risk mitigation and treatment to be carried out
- Build strong working relationships with other key stakeholders within the organization such as Enterprise Risk Management (ERM), Network Security, Data Protection Office (DPO) and Data Security (DS) to ensure timely execution & refinement of IT GRC function
- Provide updates to the CIO on GRC Reporting
- Drive various cybersecurity programs and workstreams across StarHub to safeguard against both intentional and unintentional, external and internal threats
- Manage the end-to-end program management from business case justification, prioritization, tracking, reporting and escalation for the entire cybersecurity program management
- Provide updates to the Head of Cybersecurity on cybersecurity program management activities
*We regret that only shortlisted candidates will be notified.
- Bachelor's degree in Computer Science or related field with at least 14 years' experience as a security practitioner in developing cyber security architecture and programs for large organizations.
- Certified Information Systems Security Professional (CISSP) and/or Certified Information Security Manager (CISM) or equivalent
- Knowledge of compliance frameworks and regulatory requirements (NIST, ISO 27001, Cybersecurity Act, Personal Data Protection Act, Payment Card Industry Data Security Standard, IMDA Code of Practice for Broadcasting & Telecommunications, etc.)
- Demonstrated relevant security expertise in designing security solutions for a mix of technology areas, with a focus on application, network and cloud security
- Experienced cyber security leader who has successfully built security programs and policies in fast-paced organizations like StarHub
- Strong business/relevant industry acumen
- Ability to quickly articulate creative & alternative methods for solving security-specific business problems
- Hands-on collaborative style and approach to working with others
- Excellent leadership skills and ability to lead the organization through rapid change
- Proven ability to communicate security compliance to executive business leaders
- Ability to influence others where there is no direct authority
- Ability to develop and coach cyber security technical knowledge in the next line of cyber security professionals / engineers.