Head, Cyber Security

JOB PURPOSE
This role is an executive-level manager within the Group Technology function and is responsible for ensuring
and maintaining a strong cyber security posture across the organization.
The individual will direct the cyber security strategy, implementation, operations, and the budget for the
protection of the enterprise information assets and manage that program. The scope of responsibility will
encompass data, networks, communications, applications, infrastructure, database, endpoints, and identities
and all related assets
JOB CONTEXT
The Group Head of Cyber Security reports to the Group Chief Information Officer and oversees key staff
working to identify and safeguard the Group’s Information and related assets from intrusion, security threats,
security weaknesses, software bugs and exploits and is responsible for both staff and the management
processes of keeping the organization secure from financial, data and reputational loss.
The role will be responsible for the strategic leadership of the cyber security program and will combine
technical and managerial experience with great problem solving and analytical skills and be a detail-oriented
leader who can build and grow a diverse team of high performing technical backgrounds. He/She understands
how to utilize solutions and techniques to identify security vulnerabilities and threats within information
technology landscape and develop solutions to mitigate those vulnerabilities and threats across multinationally
distributed systems.
The following teams will be directly reporting to this role to achieve this responsibility, Security and
Engineering, Security Business Architecture, Vulnerability and Patch Management and Security Operations
Center.
KEY RESPONSIBILITIES
• Provides the vision, leadership and direction required to develop and execute the group's cyber
security strategy and roadmap to always maintain a healthy cyber security posture.
• Define and deliver key cyber security initiatives that delivers business value to the organization

 JOB DESCRIPTION
• Develop and manage a cyber security risk management program including participation in broader
risk management activities for the organization and the development, evaluation, and compliance
to multiple areas of practice such as vulnerability management, identity and access management,
cloud security, Cyber Security operations, security architecture, engineering, and incident
response.
• Provide strategic inputs into financial planning
• Constantly update the cyber security strategy to leverage new technology and threat information.
• Brief the executive team on status of the cybersecurity program and risks.
• Maintain a current understanding the IT threat landscape for the industry.
• Leads the investigations after breaches or incidents, including impact analysis and
recommendations for avoiding similar vulnerabilities.
• Identify regulatory, legislative, and industry specific compliance requirements and define controls
that can be used ensure compliance on an ongoing basis. Translate that knowledge to
identification of risks and actionable plans to protect the business.
• Develop cyber security compliance strategy and approach in consultation with the various
technology teams, CIOs, and business stakeholders
• Coordinates with the Risk Management, Technology Operations, and Internal Controls for IT
General Controls (ITGC) validation
• Examine impacts of new technologies on the overall cyber security posture
• Direct the design, engineering and implementation and operations of security systems.
• Certify the designs and implementations of business and technical solutions from a security
perspective.
• Direct identity and access management program.
• Direct and oversee identity and access management.
• Schedule periodic cyber security self-assessments, capability maturity review exercises and
enterprise-wide vulnerability assessments to ascertain that new gaps are quickly identified and
remediated.
• Make sure that cyber security policies and procedures are communicated to all personnel and that
compliance is enforced.
• Leverage technical depth and broader business understanding to coach and develop the technical
leaders on the team
• Oversee high risk initiatives and serve as a point of escalation for remediation/mitigation efforts
• Manage all teams, employees, contractors and vendors involved in delivering cyber security,
which may include hiring;
• Provide training and mentoring to members of the cyber security team
• Set and monitor job descriptions and objectives for direct reports and provide feedback and
rewards in line with their performance against those responsibilities and objectives.
JOB PROFILE
Experience & Qualifications
 Bachelor's degree in Computer Science, Management Information Systems, Information
Security, Information Technology, or related field preferred. (A Master’s degree in similar
areas is a plus)
 10+ years of working experience information technology management, information security
management, design/architecture and implementation and IT operations.

 Knowledge of Information Security / Risk Management best practices and regulatory
environment.
 Prior experience with security policy, standards, and controls definition including ITGCs.
 Demonstrable experience working closely with IT and executive leadership and staff to
develop plans and roadmaps to create a proactive information security environment.
 Ability to collaboratively develop a risk strategy in conjunction with stakeholders
 Demonstrated knowledge of industry authoritative frameworks such as PCI-DSS, COBIT,
NIST, and ISO standards.
 Experience (not required) working with a QSA and overseeing PCI compliance program
 Proven project management skills.
 Desirable Security certifications: CISSP,CCSP, CCISO, CISM and/or CISA or working towards
any of the specified certifications.
Skills, Capabilities & Direct attributes
 Strong interpersonal skills and excellent listening skills are required.
 Strong organizational skills
 Strong analytical thinking, written, and oral communication and presentation skills
 Advanced problem-solving skills and the ability to work collaboratively with others to
resolve complex issues with innovative solutions.
 Must have the ability to influence others and work at all management levels across the
organizational structure
 High level of personal integrity and the ability to handle confidential matters with proper
judgment
 Proven leadership skills, team-orientation, and a proactive and optimistic management
style.
 Must have a good attention to detail skills and a capacity to interact, escalate to and
influence senior managers and customers
 Must have a good working knowledge of the use of productivity tools
 Ability to work on many tasks simultaneously in a high-pressure environment
 Strong awareness of the technical and business environment
 Experience working in an international/global organization