Leadership and Strategic Oversight Mentor a team of IT Security Specialist Assist section head to define and maintain the security advisory and risk assessment framework aligned with corporate cybersecurity strategy. Risk Assessment and Governance Oversee enterprise and project-level security risk assessments, ensuring all critical systems, projects and changes are evaluated. Establish a standardized process for identifying, classifying, and mitigating IT and cyber security risks. Maintain the security risk register and ensure tracking and closure of mitigation plans. Report significant risks and mitigation progress to senior management and governance committees. To align and execute IT security risk assessment according to Group Risk IT risk assessment methodology Project Security Review Lead security assessments for new IT and digital transformation projects, ensuring compliance with policies and guideline Review solution designs and architectures to identify potential vulnerabilities or control gaps. Provide formal risk acceptance or go-live recommendations and documented in NFR Integrate 'security-by-design' principles into project lifecycle processes. RFP and Vendor Security Evaluation Oversee security reviews for RFPs, vendor solutions, and third-party engagements. Ensure security requirements are clearly defined in RFPs and vendor contracts. Coordinate and review third-party risk assessments and recommend mitigation actions. Operational Excellence Monitor performance, completeness and effectiveness of all managed security tools and controls. Implement automation and process improvement to reduce operational overhead Define KPIs and SLAs for tool uptime, incident response and compliance posture. Governance, Risk, and Compliance Ensure all security controls meet internal and external regulatory requirements. Own the documentation of policies, procedures, operation manual and security standards related to managed systems Lead internal and external audits for the security technologies under this section. Drive remediation plans for audit findings and ensure timely closure.
