Chief Information Security Officer

Job SummaryWe are seeking a Deputy Chief Information Security Officer (CISO) to drive cybersecurity resilience, governance, operations, engineering, and testing across both on-premises and major cloud platforms.This role will ensure security is embedded and uplifted throughout the organization's digital transformation journey, with a strong focus on policy formulation, enforcement, and ecosystem development through close collaboration with internal and external teams.Mandatory Skill-setDegree in Computer Science, Information Systems, Engineering, or a related technology-focused field;Must have at least 8 years of work experience in Information Security operations, policies and procedures;Must have strong understanding of communication networks and emerging (cloud) technologies;Must have knowledge of technology processes, security policies, standards, controls, and risk measurements;Proven record in identification, investigation and resolution of potential IT security risks, controls and process gaps;Knowledge or experience with Infrastructure as Code (IaC) tools like Terraform and Ansible;Ability to identify cybersecurity risks and threats specific to both on-premises and cloud environments, with the expertise to assess their impact and likelihood;Proficient in evaluating the effectiveness of existing controls and recommending appropriate mitigation strategies for both on-premises and cloud cybersecurity and data security concerns;Strong understanding of compliance requirements and the ability to identify potential violations within on-premises or cloud environments;Strong personality and yet personable to build and enrich relationships within the organization;Excellent communication, presentation, planning and organization skill.Desired Skill-setRelevant certifications (CISSP, CISM, CISA, GSEC).ResponsibilitiesResponsible to design information security, protection and management framework, guidelines and best practices across on-premises and cloud environments;Lead the formulation of cyber security strategies and work plan, policies, standards and guidelines, supporting digitalization planning and aligning with business strategic goals and policy baselines;Ensure that security policies remain aligned with evolving business and cloud security strategies through regular gap analyses and cloud risk assessments;Assist management in overseeing security matters, such as approving and tracking security work plan and resourcing, monitoring performance in security indicators and risk acceptance decisions;Govern the security posture by maintaining a full visibility of all systems (Assets) across different operating environments, the systems’ security design, implementation and operations through regular reviews;Implement Cybersecurity risk assessment and acceptance processes at the management level;Review, provide consultation and endorse risk management and mitigation plans from project teams;Provide advisory and consultancy on the appropriate cyber security solutions and technologies to be deployed suitable to business operations and aligned advisories and practices;Ensure secure development life cycle is complying to the security policies, and the security controls implementations are complying to the defined security policies, standards and guidelines;Design and implement end user security awareness programmes and establish defined processes for Threat and Incident Management;Plan, design and conduct security incident response workshops and exercises (table-top exercises, simulation and drills) and lead the investigation and management of security incidents.Should you be interested in this career opportunity, please send in your updated resume to apply@sciente.com at the earliest.When you apply, you voluntarily consent to the disclosure, collection and use of your personal data for employment/recruitment and related purposes in accordance with the SCIENTE Group Privacy Policy, a copy of which is published at SCIENTE’s website (https://www.sciente.com/privacy-policy).Confidentiality is assured, and only shortlisted candidates will be notified for interviews.EA Licence No. 07C5639