Job Summary
- As the Head of Information Security, you will be responsible for protecting the integrity, confidentiality, and availability of our information systems, networks, and customer platforms across the enterprise, wholesale, and retail businesses. This role will lead the company's cybersecurity strategy, governance, risk management, operations, and incident response efforts in close collaboration with the existing cybersecurity team and business units. You will formulate and implement security strategies aligned with the company’s technology vision and enterprise risk management objectives, supporting our ambitions to grow securely and responsibly across all segments.
The Day-To-Day Activities
- Cybersecurity Strategy & Frameworks
  - Lead the development and execution of the company’s cybersecurity strategy aligned to Enterprise Risk Management (ERM), Technology Risk Management Framework (TRMF), and Cyber Resilience Framework (CRF).
  - Drive cybersecurity maturity programs based on NIST Cybersecurity Framework or similar standards.
- Security Governance & Policies
  - Oversee the establishment of cybersecurity policies, procedures, and standards to protect products and services across enterprise, wholesale, and retail segments.
  - Ensure compliance with regulatory requirements, industry best practices, and internal governance frameworks.
- Risk Management & Security Architecture
  - Assess and manage technology and cyber risks enterprise-wide.
  - Ensure that information security architecture and roadmaps support both business objectives and security needs.
  - Define cybersecurity risk appetite, tolerance levels, and Key Risk Indicators (KRIs).
- Security Operations & Monitoring
  - Oversee threat management, detection, and response operations.
  - Ensure effective use of tools and practices to detect and respond to cyber threats (e.g., malware, phishing, hacking).
- Incident Management & Response
  - Develop, maintain, and execute the Cyber Incident Response Plan (CIRP).
  - Coordinate incident responses, forensic investigations, and recovery efforts following cyberattacks.
- Product & Technology Enablement
  - Advise technology and product teams on secure-by-design principles for new initiatives including cloud adoption, AI/ML applications, and emerging technologies.
- Compliance, Audit & Reporting
  - Review and monitor penetration testing, vulnerability assessments, and internal/external audits.
  - Liaise with regulators, auditors, and Board Committees on cybersecurity issues and audit results.
  - Ensure timely reporting of cybersecurity incidents to senior management, Group Information Security, Board Committees, and regulators.
- Stakeholder Management
  - Work with MCMC and NACSA to ensure we stay in the loop and are able to access key stakeholders.
  - Report to key internal stakeholders, such as the Audit Committee, with regular updates on the plan and progress.
  - Engage with the wider industry to ensure the organization is respected and builds a credible brand in information security.
- Leadership & Talent Development
  - Lead and mentor cybersecurity team members.
  - Foster a strong cybersecurity culture across the organization.
  - Drive professional and personal development of the team through coaching, training, and upskilling initiatives.