Alternate Job Titles

ICT Security Director, VP of IT Security, Head of IT Security, Chief Security Officer, Head/Director of Information/Cybersecurity

Job Level

C-Suite

Functional Group

Cybersecurity & Risk Management

Job Family

Strategic Leadership

Job Description

  • Formulate and promote the information security function’s vision.
  • Hold primary responsibility for safeguarding company data and serve as the authority in establishing and enforcing the organization’s security standards, policies, and strategies.
  • Develop and define guidelines, standards, and best practices to ensure effective information security across the organisation.
  • Oversee operational and capital expenditure budgets and investment.
  • Examine, support and synchronise information security and information risk management plans with corporate objectives.
  • Provide executive support in managing the organization’s information security risk management plan and implementing information security strategies.
  • Direct the development of the Cyber Risk Maturity Model and IT security architecture, which balances security risks and business requirements.
  • Provide guidance to the board and senior management on all security-related issues and establish procedures for adhering to legal and compliance requirements, regulatory inquiries, inspections, and audits.
  • Lead the organisation’s information security strategy while integrating technology foresight to anticipate emerging cyber threats, regulatory changes and disruptive technologies.
  • Ensure that security architecture, policies and processes are future-ready and aligned with long-term business objectives.
  • Ensure that an organization’s handling of personal data complies with relevant data protection laws by implementing robust cybersecurity measures, managing data privacy risks, leading breach response efforts, and working closely with legal and compliance teams.

Critical Work Function

Information Security Strategy

  • Establish the organisational cybersecurity vision, strategy and underlying cybersecurity initiatives or programmes.
  • Align information security and information risk management strategy with business strategy.
  • Provide strategic, budgetary and administrative advice for implementation of information security strategy.
  • Drive security awareness and education on information security throughout the organisation.
  • Advise senior management and key stakeholders on information security matters.

Security Architecture Establishment

  • Oversee the development of information security and risk management policies, disaster recovery and business continuity plans.
  • Evaluate current information security practices to ensure compliance with IT standards and industry norms.
  • Oversee the implementation of appropriate plans to ensure compliance with regulatory, industry and regional mandates.
  • Establish and implement cybersecurity legal risk rules and guidelines in line with industry norms and standards.
  • Drive information security and risk management awareness training programmes.
  • Oversee the design of cybersecurity architecture and the overall Cyber Risk Maturity Model.
  • Establish Key Performance Indicators (KPIs) to assess the effectiveness of the security architecture.
  • Facilitate the development of a framework to measure the effectiveness of security programmes.
  • Review security architecture to ensure that it addresses technology shifts and threats.

Cybersecurity Incidents Management

  • Act as a subject matter expert in cybersecurity investigations and analysis.
  • Drive resolution of large-scale security incidents.
  • Lead the development of plans to address system vulnerabilities.
  • Advise on responses to regulatory inquiries, inspections or audits.

Cybersecurity Risks Management

  • Strategically guide the development of cybersecurity risk assessment frameworks.
  • Advise business stakeholders on the different types of cyber risks and incidents along with the cybersecurity compliance standards.
  • Oversee the development and testing of disaster recovery and business continuity plans.
  • Drive compliance with international and national information security and privacy regulations.
  • Act as the organisation’s liaison with external agencies in cybersecurity risk matters.

Entry Requirements

#1

Chief Information Security Officer

BDQF Level 6 in IT Security, Information Systems, Computer Science or any related field, with related industry certification and a minimum of 10 years’ experience at senior level, or

BDQF Level 5 in Information Systems, Computer Science or any related field, with related industry certification and a minimum of 12 years’ experience at senior level.

Skills & Competencies

Technical Skills

Soft Skills

Recommended Technical Training Courses

Certified Chief Information Security Officer (CCISO), EC-Council

Certified Information Systems Security Professional (CISSP), ISC2

Certified Information Security Manager (CISM), ISACA

Certified in Risk and Information Systems Control (CRISC), ISACA

GIAC Strategic Planning, Policy, and Leadership (GSTRT), GIAC

GIAC Law of Data Security & Investigations (GLEG), GIAC

GIAC Security Essentials Certification (GSEC)

Certified Ethical Hacker (CEH)

Certified Information Systems Auditor (CISA)

Qualified Information Security Professional (QISP)

Certified in the Governance of Enterprise IT (CGEIT), ISACA

ISC2 Systems Security Certified Practitioner (SSCP)

SANS Global Information Assurance Certification (GIAC)

NIST CSF 2.0 Lead Implementor Course