Lead, Cybersecurity

As a Cybersecurity Lead, you will play a critical role in safeguarding our organization’s digital assets and ensuring the confidentiality, integrity, and availability of our information systems. You’ll lead a team of skilled professionals and collaborate with various departments to implement robust security measures.RESPONSIBILITIESStrategy and Planning:Develop and execute a comprehensive cybersecurity strategy aligned with organizational goals.Identify potential risks and vulnerabilities and create mitigation plans.Stay up-to-date with industry trends and emerging threats.Recommend suitable enhancements to improve information cybersecurity performance.Develop, execute and measure cybersecurity awareness programs for staff, students, and faculty.Report regularly to senior leadership, Audit & Risk Committee, and Board on cyber posture, risks, and incidents. Advise leadership on emerging threats and industry best practices.Security Operations:Oversee day-to-day security operations, incident response, and threat detection.Manage security tools, including firewalls, intrusion detection/prevention systems, and antivirus software.Conduct regular security assessments and vulnerability scans.Team Leadership:Lead and mentor a team of cybersecurity professionals.Delegate tasks, set performance goals, and provide regular feedback.Foster a collaborative and proactive security culture within the organization.Policy and Compliance:Develop and enforce security policies, standards, and procedures.Ensure compliance with relevant regulations (e.g., PDPA, PCIDSS, etc).Good understanding of NIST framework and its implementation and compliance.Coordinate audits and assessments.Provide advisory on application security design, framework, policies, and standards.Risk Management:Assess and prioritize risks, considering business impact and likelihood.Implement risk mitigation strategies and monitor their effectiveness.Work closely with other departments within SIM to address security-related concerns.Manage vulnerability assessments (such as reviews of access control lists), penetration testing and VAPT with project teams and system ownersAct as the primary liaison with government agencies (such as CSA and MOE), auditors, and external partners on cybersecurity matters.Incident Response:Lead incident response efforts during security breaches or incidents.Coordinate with legal, IT, and communication teams to manage incidents effectively.Conduct post-incident analysis and implement improvements.Policies and proceduresOwn and maintain/update key policies and SOPs such as Incident Response playbook, Operational SOPs (access provisioning/deprovisioning), DR playbook, Governance policies (audit readiness, annual risk assessment cycle)Collaboration:Conduct post-incident analysis and implement improvements.Collaborating with stakeholders to conduct governance, risk and critical systems controls assessment, compliance audit, and cyber resilience and disaster recovery.Working with internal stakeholders such as the network and system team for investigations and cybersecurity planning.Collaborating with external and internal parties on various cybersecurity initiatives.JOB REQUIREMENTSCollaborating with external and internal parties on various cybersecurity initiatives.Bachelor’s degree in computer science, Information Security, or related field.Certifications: CISSP, CISM, or similar certifications are highly desirable.Experience: Minimum 5 years of experience in cybersecurity, including managerial roles.Possess strong technical and domain knowledge with experience in project management, cybersecurity threat monitoring, threat hunting, logs review, source code review and analysis, network security, machine learning, vulnerability assessment/penetration testing, compliance and cybersecurity risk management, network security, encryption, access controls, and security frameworksExcellent interpersonal, communication, leadership skills, and stakeholder management skillsAbility to explain technical risk in business terms to non-technical stakeholder