Job Description
You will be an integral member of the SIA Group Information Security team, reporting directly to the Chief Information Security Officer (CISO). In this strategic role, you will support the CISO in developing, implementing, and maintaining a comprehensive Information Security program ensuring Governance, Risk, and Compliance (GRC). You will lead a lean, agile team enhanced with AI and automation to drive meaningful cybersecurity outcomes and elevate the organization's cyber resilience.
Key Responsibilities
Strategy and Planning
- Assist CISO in defining and executing information security strategy and roadmap
- Support enhancement of executive cyber reporting to senior management and board
- Provide strategic insights aligning security initiatives with business goals and threats
Policy Framework Lifecycle Management
- Lead management and improvement of information security policy framework
- Establish robust lifecycle management process for timely reviews and updates
- Engage stakeholders in policy development and review
- Monitor and incorporate regulatory and industry-specific cybersecurity requirements
- Ensure policy alignment across all business units
Group Cyber Resilience Initiatives
- Develop and maintain unified cybersecurity resilience framework
- Drive Group-wide cyber resilience initiatives
- Oversee third-party cybersecurity maturity assessments
- Facilitate cross-functional Group meetings for strategic alignment
Risk Management
- Modernize and oversee Group's information security risk management framework
- Implement key cyber risk indicators (KRIs) and develop metrics
- Manage third-party cyber risk management framework
- Align security risk initiatives with enterprise risk management (ERM) program
User-Centric Training and Awareness
- Lead development of comprehensive information security awareness program
- Design and execute phishing simulation exercises
- Deliver role-specific training for various business units and leadership levels
- Drive engagement through gamified campaigns and multimedia platforms
- Organize outreach programs to promote strong security culture
Project Governance and Oversight
- Provide governance and support to cybersecurity project owners
- Enforce compliance with corporate policies
- Assist in allocation and monitoring of project budgets
- Conduct control self-assessments
Cybersecurity Maturity Assessment (CSMA)
- Manage CSMA Program across the Group
- Select and manage third-party assessment providers
- Prioritize findings and ensure timely execution of improvement plans
- Oversee preparation of executive reports on CSMA outcomes
Requirements
- Bachelor's degree in IT, Cybersecurity, or related field
- 10+ years of relevant experience in information security, leading GRC initiatives
- Experience in Governance, Risk, and Compliance activities and CISO-level support
- Proficiency in modern security technologies and practices
- Experience with AI large language models (LLMs) and automation tools
- Proven ability to work across diverse stakeholder groups
- Strong communication, presentation, and stakeholder management skills
- Self-driven, proactive mindset with sense of urgency
- Comfortable in fast-paced environments
- Professional certifications (CISSP, GIAC, or equivalent) preferred