About The Role

Role: Group Director - Cyber Assurance
Location: Dubai, UAE
Salary: Negotiable + Package 

As the Group Director of Cyber Security Assurance, your primary purpose is to lead and oversee the development, implementation, and continuous improvement of a robust global independent cyber security assurance program within our organisation. Your role is critical in providing independent oversight and assurance to senior management and stakeholders that our cyber security measures effectively protect the organisation's digital assets and data.

 

You will:

  • Lead complex IT and cyber security audits, assessments, and penetration tests to evaluate the effectiveness of security controls; manage external auditors and consultants as necessary.
  • Establish and maintain a Cyber Security Assurance Programme that includes the overall framework, Cyber Assurance strategy, annual assurance plan, procedures, standards, and controls to safeguard our digital infrastructure and sensitive information.
  • Independently assess compliance with relevant regulatory requirements, industry standards, and cyber security frameworks.
  • Collaborate with Group Technology teams to align cyber security assurance efforts with their cyber security operations and technical initiatives. Leverage each team’s distinct roles and expertise for a holistic approach to cyber security.

 

Job Accountabilities:

  • Establish and maintain a Cyber Security Assurance Programme that includes the overall framework, Cyber Assurance strategy, annual assurance plan, procedures, standards, and controls to safeguard our digital infrastructure and sensitive information.
  • Deliver the Cyber Assurance Program, which includes complete IT security and cyber security related audits, independently across all Group entities.
  • Lead the Cyber Security Audit team in delivering the Cyber Security Assurance Program, with targeted audits addressing the highest risks and the areas that matter most for our business.
  • Accountable for the end-to-end cyber security audit program, from risk identification, audit planning, scoping, execution, and reporting to following up on closure of items.
  • Continuously monitor and assess emerging threats and vulnerabilities, and update Cyber Assurance Program accordingly.
  • Project manage all Cyber Security Assurance work, including directing, coordinating, reviewing, and reporting the work of security audit teams, and provide expertise in all IT and cyber security related matters and audits.
  • Conduct cyber security audits using tools and/or manual exploitation techniques; document and present conclusions in a clear, concise manner to business unit management and group senior management; agree all IT control and process improvements and recommendations, which may include operational enhancements or efficiencies; and prepare audit reports and document controls.
  • Manage the development, execution and maintenance of comprehensive IT security audit work programs, including common OS, network and database security, portals and applications, internal and external penetration tests, configuration audits, etc.
  • Ensure that regular IT issues follow-up, IT security awareness campaigns, and other audit initiatives as required are conducted by the IT Security Audit team in line with the GIA procedures manual.
  • Promote and lead the identification and sharing of IT security and general IT good practices that can be implemented within the organisation and external entities. Advise HO, Regional and terminal IT on IT and IT security trends and emerging risks.
  • Manage non-audit projects (e.g., IT and IT security incident reviews, business process reviews, compliance reviews, fraud investigations, project reviews).
  • Keep self and team up to date and educate team members on IT industry trends and advancements by investing in self-learning and being an active member and contributor at organizations such as ISACA, IS forums, IT Audit groups, and seminars on IT risks and controls, IT security threats and controls, and emerging IT risks.
  • Develop and maintain professional relationships with auditees' IT teams, senior IT management and Technology executive management at Group Technology to create an expert network, leverage the global expert network, and promote synergy within various DPW IT departments.
  • Provide regular updates to the Audit Committee on IT and Cyber Security related matters.

 

Qualifications:

  • Computer Science Degree, preferably with specialisation related to information security or cyber security.
  • 2 or more IT security related / audit qualifications in good standing, e.g. CISA, CISSP, CISM, CEH, CGEIT, OSCP.

 

Experience:

  • Proven leadership experience in global cyber security assurance roles.
  • Deep knowledge of global cyber security principles, practices, and technologies.
  • 10 to 15 years post-qualification cyber security implementation and audit experience, including hands-on IT security testing experience such as internal network vulnerability assessments and external penetration tests.
  • Big 4 background beneficial.
  • Developed and implemented a robust security assurance framework, ensuring alignment with industry standards and regulatory requirements.
  • Led a team of cyber security professionals to perform comprehensive security assessments, including vulnerability scanning, penetration testing, and security audits.
  • Conducted information security audit work which conforms to professional standards such as NIST, NIS, GDPR, CIS, COBIT, ISO 27001, ISR, NESA, GTAG, CIIPA and other standards.
  • Industry experience in IT, e.g. OS administration, network administration, firewall configurations and controls, IT security implementation, etc., is beneficial.

We welcome all applications regardless of background, in line with our commitment to diversity, equality and inclusion.

Applying to this or any other vacancy advertised by Spinwell Ltd constitutes an agreement for Spinwell Ltd to hold your details for 24 months for the purpose of assessing suitability for the advertised position and to make you aware of any other positions deemed suitable, of which we will make you aware by means of either email, text or phone. In line with GDPR regulations you are able to request your details be removed from the company data at any time by emailing us
