Group Manager of Cyber Security

Job Description

Job Description

Role Profile

Reporting to the Group VP, Cyber Security, the Group Cyber Security Manager is responsible for establishing and maintaining a company-wide information security and risk management program to ensure that information assets are adequately protected. This position is responsible for identifying, evaluating, and reporting on information security risks in a manner that meets compliance and regulatory requirements, aligns with, and supports the risk posture of the company and its clients/customers. This role directs the adoption and implementation of security and privacy policies, security technology, and information risk procedures across all locations.

Position Responsibilities:

• Responsible for day-to-day IT Security operational activities and responding to information security incidents.
• Lead and manage a talented team of information systems security professionals by establishing strategic objectives, providing mentorship, and conducting performance evaluations to enhance team effectiveness.
• Manage cybersecurity projects, including cost and scope, schedule and risk, for assigned projects, ensuring every project is delivered with quality and on time.
• Oversee the execution of security audits and assessments by coordinating team efforts to evaluate the effectiveness of information systems security measures and identify areas for improvement.
• Coordinates cross-discipline IT teams to design, implement, test, and operate critical security-related systems, furthering global information security strategies.
• Oversee and continuously improve the IT risk assessment and management, IT continuity management, IT governance formulation, and organizational change management.
• Oversee and lead IT audit management, including company client audits of internal policies and procedures.

• Develop strategies to address information security awareness and training for all stakeholders.
• Lead and manage the Cyber Incident Response Plan, develop and maintain incident response playbooks, and conduct regular tabletop exercises.
• Defines and executes the strategic vision, understanding the trade-offs required to manage the different levels of risk tolerance and risk exposure across the organization, and balances these with risk investments.
• Analyse, select, recommend, and coordinate the installation of information security technology with all relevant stakeholders.
• Develops and implements tests of computer systems to monitor effectiveness of security through penetration and vulnerability assessments.
• Conduct and coordinate software reviews and assessments.

Skills and Competencies

• The ability to motivate and engage a team of Information Security staff in supporting the organization's goals and lead the process of continuous improvement of our company's cyber security program.
• Foster and build a collaborative working relationship with various stakeholders
• Adaptable in global and complex environments, with good influencing skills.
• People management and interpersonal skills – ability to interact at all levels.
• Experience in policy formulation, information security management, and business risk management.
• Lead functional teams of senior technology employees to achieve objectives.
• Experience in dealing with senior executives and constructively challenging ideas and products to achieve desired results.
• Possess good organizational, prioritization, and workflow management skills.
• Proven track record of consistently meeting published uptime and service-level objectives.
• Balance of leadership skills and hands-on technical skills.

Personal Qualities

• Multi-tasking : Ability to handle multiple tasks simultaneously and prioritize effectively.
• Accuracy : The ability to ensure that information, facts, and figures are accurate and free from errors.
• Sense of Urgency : Ability to respond as needed within the appropriate timeframe.
• Problem Solving : An analytical thinker with the ability to solve problems and seek support when needed.
• Organization : Ability to organize tasks and information effectively.
• Team Player : Ability to work both within and across teams to ensure work is completed with appropriate input from others.
• Decision Making : Ability to make decisions on work issues that impact the successful completion of tasks.
• Focus : Ability to work calmly & effectively under pressure to tight deadlines.
• Delivery : Delivery-focused with a commitment to getting the job done.
• Extra Mile : Going above and beyond to exceed customer expectations.

Qualifications

• 6+ years of overall professional technical experience in information security.
• Minimum of 3-5 years of experience in managing information security personnel
• Professional security management certification is desirable, such as Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), or other similar credentials.
• Knowledge and understanding of relevant legal and regulatory requirements, such as GDPR, HIPAA, ISO/IEC 27001, SOC, and NIST security principles
• Bachelor's degree in related field preferred

Working Conditions

• This position will primarily be involved in an office environment.
• This position supports a 24/7 cybersecurity and IT operation and requires working weekends, evening/night shifts, and occasional holidays.
• Occasional domestic and international travel is required.