Job Summary
Lead the department and team to manage all works IT
Infrastructure, Policy & Security matters by supporting all users and
Information Services Division’s departments in the deployment of all infrastructure,
networking, security and policy by working closely with vendors and
consultants in designing, planning and executing the projects and
recommendation solutions to be implemented
Job Descriptions
Team Management
- KPI (Key Performance Index) setting for direct reports, monitor and periodic review to assure KPI met
- Overseeing the management of the IT security department, giving leadership to the team and developing staff
Budget
- Manage Capital Expenditure (CAPEX) and Operational Expenditure (OPEX) budget
IT Security
- Responsible for developing and implementing U Mobiles Cyber Security plan.
- Devising strategies and implementing IT solutions to minimise the risk of cyber-attacks
- Responsible for planning and monitoring of all activities related to IT security in UM. Scope of work includes establishing of IT security policies, audit on effectiveness of security measurement implemented, ensuring users are in compliance of security policy, as well as refreshment and upgrade of IT security policy and systems from time to time
- Promotion of Cyber Security awareness
- Ensure that all remediation is implemented on risk determined by pen testing or annual audits.
- Constantly monitoring for attacks and intrusions
- Managing the daily operation and implementation of the IT security strategy
- Conducting a continuous assessment of current IT security practices and systems and identifying areas for improvement
- Delivering new security technology approaches and implementing next generation solutions
- Driving change projects and building new security capabilities
- Developing and implementing business continuity plans to ensure service is continuous when a change programme is introduced or a security breach occurs or in the event that the disaster recovery plan needs to be triggered
- Protecting the intellectual property of the organisation at all times
- Reporting to the Audit committee and being an active member of the senior management team
- Being an active member of the senior management team
IT Risk And Policy Management
- Responsible for management of all activities related to IT risks (beyond security, includes Business Continuity Plans).
- Work with Enterprise Risk Management Department, to ensure all works within IT Risk management are in–line with direction and KPIs established at enterprise level.
- Running security audits and risk assessments
- Documenting and “educating” of IT policy established to ensure UM’s staff are aware and in compliance with IT policies
- Ensuring compliance and governance is met
- Ensure the internal audit plan identifies and tests areas that require focus and improvement.
Partners And Vendors Management
- Manage and monitoring of KPIs to ensure all IT partners’ deliveries are done accordance to contract specification as well as T&C
Stakeholders Management
- Manage collaboration and relationships between different departments in delivering solutions to meet customers’ business needs
- Effectively communicate project expectations to team members and stakeholders in a timely and clear fashion.
- MCMC for all security related policies and implementations
- Represent U Mobile at the industry Cyber security forums
- Auditors for the annual audits from E&Y and MCMC.
- Internal Audit for all investigations and annual audits
- Architecture and application development teams
- Reporting to the Audit committee
Timely Reporting and Analysis
- Periodic reporting of project status and escalation of issues as and when required
- Conduct project post mortems to identify successful project elements and improvement areas
- Quarterly reporting on security posture and incidents for the Audit committee
- Responsible for reporting all Cyber Security related incidents