Information Security Director

1. Oversee IT security risk and vulnerabilities managemen
2. Develop security strategy and roadmap
3. Establish and implement security-related policies and guidelines
4. Own the information security initiatives for IT Division.
5. Design and build the security practice and the organization's security architecture
6. Provide leadership in project(s) to ensure "security design" principles and approaches are incorporated into IT systems
7. Manage and report on IT/cyber security vulnerabilities and risks. Including performing periodic IT security control testing, (e.g., vulnerability testing, risk analysis and security assessments) are carried out and remediate gaps identified within defined timeframe
8. Perform PCI-DSS Assessments and fulfil PCI-DSS obligations for current and new projects and systems
9. Conduct IT security awareness through regular publishing of monthly security updates/bulletins and trainings (e.g., brown bags) to improve IT security knowledge of users and IT staff. Provide advice and consultancy on security risks and controls
10. Manage IT/ Cyber security incidents and liaise with various IT functions, Risk and Compliance, and business users
11. Direct external vendors/investigators in conducting electronic discovery and digital forensic investigations when required
12. Participate and working with other high-level executives to establish disaster recovery (DR) and business continuity plans
13. Develop and monitor comprehensive cybersecurity program
14. Establish cybersecurity risk management process
15. Establish a metric and reporting framework
16. Establish and build internal and external relationship
17. Monitor the external threat environment and advise on appropriate actions
18. Develop and implement incident response process and policies