Job Purpose:
As Lead of Governance and Information Protection, this role is responsible and accountable for these technical areas:
- Governance Risk and Compliance: Develop and implement a comprehensive cybersecurity governance framework aligned with industry best practices, regulations, and organization objectives.
- Information Protection: Develop and implement a comprehensive strategy for safeguarding sensitive information, data assets and access management.
- Security awareness and training: Develop and deliver training programs to raise users awareness about cybersecurity, policies, and threats to foster a positive cybersecurity culture throughout the organization.
- Cybersecurity program: Develop and execute strategic roadmap for the organization cybersecurity program for IT and OT in line with business requirements and objectives.
Qualifications and Experience:
- Graduate and/or Master's Degree qualifications in either Computer Science, Information Technology, or a related discipline.
- 10+ years experience in a similar role, in large enterprise environments (>1000 users), with multiple geographic locations.
- Oil and Gas experience (or manufacturing industries) is preferred.
- Professional certifications in Information Security and/or Information technology CISSP and/or CISM at minimum is required.
- Proficiency in performing risk, business impact, control, and vulnerability assessments, and in defining treatment strategies.
- Knowledge of and experience in managing, developing and documenting security programs and plans, including strategic, tactical, and operational plans.
- Strong analytical skills to analyze security requirements and relate them to appropriate security controls.
- Strong communication skills, including written, oral and presentation skills. Must be fluent in English.
- Knowledge and experience in Enterprise IT/OT security technologies, services, and processes
- Professional certification in Industrial Cybersecurity e.g., GICSP or similar) is desirable.
- Knowledge of Industrial Cybersecurity standards is desirable.
- Exposure to program and project management is desirable.
- Vendor management skills and ability to define and negotiate effective SLAs and service KPIs with vendors.
- Extensive technological domain knowledge to understand integration of digital products with IT systems & architecture.
- Good knowledge of the business to understand business requirements and implications on organization operations.
