Senior Manager, Cyber Security Risk Management

Sepang, Selangor
Tetap
Sepenuh masa

2 bulan lepas

Job DescriptionWHAT YOU’LL CHAMPION:Cyber Security Risk ManagementImplement and maintain a cyber security risk management program, framework, processes, and any relevant mechanism. Ensure the risk management framework aligns with regulatory requirements (e.g., GDPR, CCPA, HIPAA, PCI-DSS) and industry standards (e.g., NIST CSF, ISO 27001).Oversee and execute comprehensive risk assessments, including cloud security risk and control effectiveness reviews.Support internal and external audits by providing evidence of effective Cyber Security risk management practices.Third party Cyber Security Risk Management:Identify, assess (including supplier tiering, contract assurance, and control implementation controls throughout supplier lifecycle), and introduce risk mitigation related to third-party relationships including vendors and partners.Provide strategic cyber risk oversight of third-party relationships, ensuring that they meet security standards, comply with regulations, and maintain a strong security posture across the third party lifecycleCyber Security Risk Mitigation and Remediation:Prioritize and track remediation efforts for all identified Cyber related risks (including third parties)within the risk register and, collaborate with relevant business units to develop effective risk treatment plans.Monitor the effectiveness of implemented security controls and risk mitigation strategies.Data and AI Security:Perform Data security assessment (including cyber controls related to data privacy) on relevant scope to ensure sufficient controls are in place to secure data based on sensitivity levelProvide Cyber Security assurance or conduct cyber risk assessment on security architectures and protocols specifically for AI/ML systems and their entire lifecycle (data ingestion, model training, deployment, and inference)Reporting and Communication:Prepare and present clear, concise, and business-focused risk reports to business system owners, department head, executive leadership and other governance bodies.Communicate complex technical concepts and the residual risk posture in non-technical, business-centric language.Team Leadership and Development:Mentor and lead a team of risk analysts or specialists, fostering a culture of risk awareness and continuous improvement.WHO YOU ARE:With at least 10 years of experience in Cyber Security Risk Management or Governance roleStrong knowledge of current and emerging cyber security risks, and innovative risk management methodsStrong analytical and problem-solving skills to identify and resolve complex security issues.Ability to collaboratively develop a cyber risk strategy in conjunction with numerous and diverse stakeholdersPrior experience with security policy, standards, and controls definitionStrong analytical and critical thinking skills, and excellent written and oral communication & presentation skillsExcellent written and verbal communication skills, including the ability to communicate technical concepts to non-technical audiences.Proven ability to handle high-pressure situations and make critical decisions under time constraints.(Optional) Relevant security certifications or experience on Cyber Security Architecture
We are all different - one talent to another - that is how we rely on our differences. At AirAsia, you will be treated fairly and given all chances to be your best.We are committed to creating a diverse work environment and are proud to be an equal opportunity employer.Search Firm Representatives - AirAsia does not accept unsolicited assistance from search firms for employment opportunities. All CVs / resumes submitted by search firms to any employee at our company without a valid written search agreement in place will be deemed the sole property of our company. No fee will be paid in the event a candidate is hired by our company as a result of an agency referral where no pre-existing agreement is in place.

AirAsia

Memohon