VP, Cybersecurity & Governance

Primary Objectives of Position: • Support external engagement with regards to governance, risk & regulatory compliance requirements. • Develop and maintain security policies while raising awareness through continuous training. • Manage cybersecurity tools & services across business units. Major Responsibilities: Lead, manage and work with team members on the following: • Involve in sector-wide cybersecurity programme and engagement. • Coordinate and contribute to various external and internal forums and meetings. • Manage all risk & regulatory reporting. • Conduct security audits, vulnerability & risk assessments and checks to ensure security controls are in place and are functioning adequately while working with regulatory bodies to ensure cybersecurity standards are met. • Engage users to ensure compliance with cybersecurity policy and procedures and review waivers and non-compliance when necessary. • Formulate cybersecurity policies and procedures for IT and OT systems, ensuring compliance with regulatory requirements and industry best practices (e.g. Cybersecurity Code of Practice (CCoP 2.0), CP8, ISO27001 etc.). • Educate and provide training to employees and contractors on cybersecurity policy, standards and procedures as well as best practices. • Conduct penetration test, cybersecurity (red/purple teaming) exercise (as documented and communicated) on a regular basis ensuring organization resiliency though practical Business Continuity Plan (BCP) and Disaster Restoration Plan (DRP). • Oversee the development, testing, and maintenance of cybersecurity measures to safeguard both IT and OT Critical Information Infrastructure (CII) assets. • Manage and administrate cybersecurity tools. • Provide cybersecurity services (e.g. VAPT). • Monitor and manage security operations, including the handling of incidents & crisis. • Identify emerging threats and vulnerabilities and recommend appropriate controls and solutions for implementation to enhance cybersecurity posture. • Liaising with cybersecurity vendors in conducting relevant assessments to fulfil regulatory requirements. • Plan and implement budgeted cybersecurity projects based on business requirements. • Work closely with internal and external stakeholders regularly to review and enhance cybersecurity incident response plans and playbooks to achieve cybersecurity readiness. Job Specifications: Minimum Education / Qualifications • Degree in Computer Engineering or equivalent. • Trained in Cybersecurity, Information Security, Forensics or equivalent. Minimum Years of Relevant Experience • 15-25 years of direct and relevant full-time cybersecurity work experience in policy formulation, incident response, and management, regulatory oversight and compliance. Knowledge/Skills • CISSP/CISM/CISA/CEH/ CRISC or equivalent certification. • Strong domain knowledge of information security governance and risk management, controls, vulnerability assessment/penetration testing, compliance, business continuity, investigations, system architecture and design, legal, and industry IT/OT and cyber security best-practices. • Knowledge on ISO27001 and IEC62443, NIST Cybersecurity Framework, CSA Code of Practice (CCoP). • Experience in Threat detection, Penetration testing and red/purple teaming. • Knowledge in Network, Web Security and Application Security would be highly valued. • Experience with information security tools (SIEM, anti-virus tools etc.). • Experience in forensics and incident management. Attributes (functional & leadership competencies) • Strong leadership qualities & ability to work under pressure. • Self-motivated, a good team player and strong ability to multi-task. • Excellent verbal, written communication, presentation and analytical skills. • Ability to build strong and trusting relationships. • Experience working in public transport and/or OT industry would be highly valued. Please be informed that only shortlisted candidates will be notified.