· Implementing a cybersecurity framework in alignment with industry norms and best practices to ensure compliance with acceptable standards and provide reasonable security assurance for the computing environment.
· Overseeing and guiding cybersecurity operations involving both internal and external stakeholders, and delivering cybersecurity governance reports as needed.
· Continuously monitoring and staying informed about industry-standard best practices, such as those outlined by NIST, and conducting gap analyses on existing governance procedures.
· Upholding and enforcing corporate policies and SOPs related to IT to ensure effective governance and regulatory compliance.
· Collaborating with other departments such as risk management, quality management, administration, and external entities like auditors and security service providers to execute relevant governance and security initiatives.
· Cultivating both soft skills and technical expertise among team members to enhance their capacity for current responsibilities and support ongoing improvement efforts.
· Overseeing routine security activities such as awareness and training programs, as well as vulnerability management.
· Offering consultancy or advisory support to other business units regarding IT governance, policies, standards, SOPs, and security matters whenever needed.
· Developing and maintaining Disaster Recovery Plans (DRP) and Business Continuity Plans (BCP) in collaboration with relevant business units, and coordinating periodic testing to ensure readiness for potential recovery operations.