We are seeking a Deputy Chief Information Security Officer (CISO) to drive cybersecurity resilience, governance, operations, engineering, and testing across both on-premises and major cloud platforms.
This role will ensure security is embedded and uplifted throughout the organization's digital transformation journey, with a strong focus on policy formulation, enforcement, and ecosystem development through close collaboration with internal and external teams.
Mandatory Skill(s)
- Degree in Computer Science, Information Systems, Engineering, or a related technology-focused field;
- Must have at least 8 years of work experience in Information Security operations, policies and procedures;
- Must have strong understanding of communication networks and emerging (cloud) technologies;
- Must have knowledge of technology processes, security policies, standards, controls, and risk measurements;
- Proven record in identification, investigation and resolution of potential IT security risks, controls and process gaps;
- Knowledge or experience with Infrastructure as Code (IaC) tools like Terraform and Ansible;
- Ability to identify cybersecurity risks and threats specific to both on-premises and cloud environments, with the expertise to assess their impact and likelihood;
- Proficient in evaluating the effectiveness of existing controls and recommending appropriate mitigation strategies for both on-premises and cloud cybersecurity and data security concerns;
- Strong understanding of compliance requirements and the ability to identify potential violations within on-premises or cloud environments;
- Strong personality and yet personable to build and enrich relationships within the organization;
- Excellent communication, presentation, planning and organization skill.
Desirable Skill(s)
- Relevant certifications (CISSP, CISM, CISA, GSEC).
Responsibilities
- Responsible to design information security, protection and management framework, guidelines and best practices across on-premises and cloud environments;
- Lead the formulation of cyber security strategies and work plan, policies, standards and guidelines, supporting digitalization planning and aligning with business strategic goals and policy baselines;
- Ensure that security policies remain aligned with evolving business and cloud security strategies through regular gap analyses and cloud risk assessments;
- Assist management in overseeing security matters, such as approving and tracking security work plan and resourcing, monitoring performance in security indicators and risk acceptance decisions;
- Govern the security posture by maintaining a full visibility of all systems (Assets) across different operating environments, the systems’ security design, implementation and operations through regular reviews;
- Implement Cybersecurity risk assessment and acceptance processes at the management level;
- Review, provide consultation and endorse risk management and mitigation plans from project teams;
- Provide advisory and consultancy on the appropriate cyber security solutions and technologies to be deployed suitable to business operations and aligned advisories and practices;
- Ensure secure development life cycle is complying to the security policies, and the security controls implementations are complying to the defined security policies, standards and guidelines;
- Design and implement end user security awareness programmes and establish defined processes for Threat and Incident Management;
- Plan, design and conduct security incident response workshops and exercises (table-top exercises, simulation and drills) and lead the investigation and management of security incidents.
If you are interested in this role, click on the “Apply to this job” button below or you could also write in with your CV to Kiran Kumar Pandity at kiran.kp@sciente.com quoting the job title.
