Risk & Cyber Security Manager

Job Title: Risk & Cyber Security Manager

Job Purpose

To direct, own, and manage the Enterprise Risk Management (ERM), Information, and Cyber Security governance functions within THE COMPANY. Drive initiatives in alignment with THE COMPANY’s vision and mission, and support the Chief Strategy Officer in achieving the company’s risk management, business continuity, crisis management, and cyber security objectives.

Key Accountabilities

- Cyber Security Governance:
- Direct, own, and manage the information and cyber security governance function.
- Develop, maintain, and actively manage cyber security governance and risk management frameworks for both IT and Operational Technology (OT) environments.
- Formulate and lead the implementation of the Cyber Security Strategy aligned with THE COMPANY’s vision, mission, and corporate objectives.

- Leadership & Management:
- Provide leadership for the Cyber Security department, setting objectives, managing performance, recruiting, developing, and motivating staff.
- Direct the preparation and consolidation of the cyber security budget and monitor financial performance to identify and capitalize on performance improvement opportunities.

- Security Practices & Compliance:
- Oversee the monitoring and review of IT and OT security practices, processes, and improvements to minimize cyber security risk.
- Guide the design, implementation, operation, and maintenance of the Information Security Management System (ISMS) based on ISO/IEC 27000 standards.
- Ensure compliance with internal security policies, laws, and regulations.

- Operational Technology (OT) & Industrial Control Systems (ICS):
- Establish security management frameworks and hardening standards for OT/ICS in coordination with the Maintenance department.
- Manage Segregation of Duties (SoD) risks related to IT and OT systems and applications.

- Risk Management & Frameworks:
- Lead the establishment and management of THE COMPANY’s risk management frameworks and methodologies.
- Conduct ongoing risk assessments of external and internal threats to ensure appropriate risk mitigation and information security practices.
- Develop effective interfaces between the ERM framework and other risk management frameworks (Information Security, Business Continuity, Compliance, HSE, Projects).

- Business Continuity & Crisis Management:
- Oversee the establishment and operation of business continuity and crisis management frameworks to address disruption risks and reputational risks.
- Manage the development and maintenance of standards and procedures for business continuity and crisis management.

- Incident Management & Awareness:
- Lead the establishment and operation of a fit-for-purpose cyber security incident management process.
- Develop and oversee Risk & Cyber Security Awareness programs and ensure their effective delivery.

- Reporting & Communication:
- Prepare periodical management and progress reports for senior management and the Board.
- Summarize and communicate effectively with senior executives.

Desired Candidate Profile

- Education:
- Bachelor’s degree in a relevant discipline.

- Experience:
- Minimum of 15 years in information security with a focus on IT and OT infrastructure security and cloud security.
- At least 6 years in progressively increasing managerial roles.

- Certifications:
- Relevant professional certifications such as CISA, CISSP, CISM, PMP are advantageous.

- Skills:
- Strong ability to summarize and communicate effectively with senior executives.
- Proven track record in managing risk, cyber security, business continuity, and crisis management.