The Cyber Security Governance group’s core mission is to build and strengthen M1’s cybersecurity posture and resiliency and to facilitate cybersecurity risk management in the context of the organisation’s business strategy. The group also delivers cybersecurity services across M1 business units to ensure compliance with regulatory requirements and with industry and enterprise security standards, and promotes a cyber-aware culture across the organisation.
Job Responsibilities
- Support the Cyber security committees in strengthening the organisation’s cybersecurity readiness and resiliency by providing updates on security metrics and risk indicators
- Develop, implement and monitor reporting mechanisms for governance, security and risk practices to support compliance and highlight areas of risk exposure
- Develop and maintain cybersecurity governance policies and framework to align with industry best practices and regulatory requirements. Support the team in communicating and interpreting the baseline controls to the relevant stakeholders
- Perform continuous review to assess the adequacy and effectiveness of measures in compliance with policies, standards and regulatory requirements and coordinate with the stakeholders to develop and track risk remediation plans for security weaknesses identified
- Manage the corporate security education and awareness program by conducting security awareness campaigns, education initiatives and email phishing simulation exercises
- Plan and lead the cyber table-top exercises and drills to improve operational readiness and awareness of changing threat scenarios
- Work with security operations to respond to cyber threat and vulnerability alerts in a timely manner and stay abreast of cybersecurity-related risks
- Manage vulnerability assessments and penetration testing with security service providers and work with stakeholders to ensure timely resolution of any control weaknesses
- Liaise and support internal and external auditors to facilitate cybersecurity audits, reviews and timely closure of audit outcomes
Job Requirements
- Bachelor’s Degree in Information Technology, Computer Engineering, Computer Science, Engineering or other related fields of study
- At least 5 years of broad experience in IT, Information Security, Cyber Risk Management, and/or Telecommunication
- Good presentation, verbal and written communication skills, with the ability to work with multi-functional, multi-disciplined teams to formulate and institute real-time awareness of security posture and baseline
- Diligent, resourceful, and able to multitask in a dynamic work environment, with meticulousness in planning and tracking