Job Details
Job Purpose
The objectives of this position are to:
• Drive the implementation of Group IT Governance and Cyber Security Strategy across the region by assisting the OG CISO.
• Achieve and maintain IT compliance across the region as per group policies and IT standards and regulations.
• Minimize the cyber security threats and related risks across the region by taking proactive measures.
• Support the region to achieve security standards like the NIST Framework and 27001 as per group guidelines.
• Properly maintain inventory of IT assets, applications, domains, and certificates and their validity with the help of the local IT team.
• Work closely with application owners for secure development and hosting of applications by following the Security by Design process.
• Closely work with HR, Legal, Local IT, and the Management Team of the Region to achieve the required result and enhance cybersecurity.
• Brief the IT executive team on issues, risks, and status.
• Local, HO, and external audit support.
• Create a cyber security budget if your region requires one.
• Ensure that disaster recovery and business continuity plans are in place and tested.
• Participate actively in crisis management activities and exercises with the OG team.
Roles & Responsibilities for HSE
• In all situations, the BV Cardinal Safety Rules must be followed.
• Comply with company HSE requirements (e.g., policies, procedures, guidelines, etc.) and local legal requirements on HSE as applicable.
• Take care of own health and safety as well as that of colleagues and others.
• Immediately report any shortcomings on HSE, i.e. any incident or unsafe work practices/conditions, to his/her immediate line managers.
• Sharing opportunities for improvement on HSE aspects.
Criteria for Performance Evaluation
• Use of Group-level/new tools and utilities to record, track and measure cyber threats and incidents.
• Achievement of targets for major control implementation in standards like NIST, 27001.
• Create awareness to reduce the risk of cyber threats to businesses and the availability of IT services.
• Minimum number of findings in BitSight and BitSight Score.
• Effective teamwork
• Achieve operational excellence.
• Deliver value to internal and external clients.
• Develop people.
Knowledge/ Education / Previous Experience Required
• Engineer or relevant field graduate with technical background in IT (bachelor's degree or above)
• Comfortable working in a multicultural environment.
• Above 10 years of experience in IT
• A sound understanding of computer systems (hardware/software), networks, etc.
• A strong understanding of internal controls and excellent management skills are required.
• Knowledge of security standards, auditing techniques, and documentation.
• Resourcefulness, proven interpersonal skills, and the ability to work in a diverse environment with sensitivity and respect.
• Excellent communication skills (Good English speaking, computer skills, and writing skills are a must.)
• Proven ability to build strong relationships with all levels of an organization
• Ability to communicate with tact and diplomacy, both orally and in writing.
• Good presentation skills
• Ability to efficiently manage time and workload, which includes planning, organizing, prioritizing, and following-through on a variety of tasks, assignments, projects, and reports.
• Ability to work as a contributing team member in a professional manner.
• Ability to use effective judgement and problem-solving skills to make reasonable business decisions and recommendations.
• CISSP, CCSP, CRISC, CISM, ISO27001, or NIST-related certification is a plus.
Other Information
Industry requirement: All industries