Head, Cyber & Data Privacy

The Head Cybersecurity provides leadership for the organization within the information security sphere through development of appropriate cyber security strategies and action plans.

You will be responsible for defining the cyber-security and data protection master plan by coordinating the technology roadmap for SPH Media\'s products and services, supporting solutioning strategies and cultivating internal and external partnership with the aim of developing the security community. You will ensure that security is well-considered in our product development journey to align to the company policies and standards, as well as industry best practices. You will also be responsible for the planning, development and implementation of information security strategies and related policies. You will be responsible for managing risk and providing controls and compliance guidance, aligning information security and information risk management strategy with business strategy and concurrently overseeing the organisation\xe2\x80\x99s security risk management plan. Besides the CISO role, you will also play the role of CDPO, crafting, revising, and implementing policies. Being the contact point on all matters relating to PDPA, handling complaints on PDPA and privacy matters including ensuring adherence to PDPA and to our Privacy Policy & PDPA Manual, PDPA Ticketing System, including any revamp to the system due to business or legal requirements; liaising with PDPC, complainants and our management (including top management) about PDPA matters especially when there are alleged or actual data breaches. You will also be chairing of PDSC meetings.

B. Key Responsibilities

The scope of responsibilities Includes the following:

• Ensure that products are developed in compliance to security policies and standards.

• Acquire executive support and formulate information security goals and establish policies, standards, and procedures in line with company cyber security directions.

• Provide security governance, enforcing cyber security risk assessment and risk acceptance from stakeholders.

• Ensure cyber security compliance to whole-of-government policies and standards.

• Review, endorse, develop risk management and mitigation plans to be shared at the executive and operational levels

• Advise the appropriate cyber security solutions and technologies to be deployed

• Develop security awareness programs and defined processes for Threat and Incident Management.

• Advise and ensure secure ICT development life cycle, security controls implementation and asset management.

• Align IT needs with the strategic cyber security direction.

• Manage the budget and resources accordingly to the business impact of the information security risks too.

C. Job Profile

Required Qualifications / Competencies / Skills / Knowledge

• At least 10 years of management experience related to information security and working knowledge of ICT operations, security policies and procedures.

• Strong knowledge of risk management and sound business practices

• Comfortable interacting with senior management and discussing critical issues

• Ability to work with a cross-functional, multi-disciplined team to formulate, institute and monitor security policies and procedures.

• Good understanding of both IT and business processes and the relationship between them.

• Preferably \xe2\x80\x98Certified Information Systems Security Professional\xe2\x80\x99 (CISSP), or \xe2\x80\x98Certified Information Systems Auditor\xe2\x80\x99 (CISA) or \xe2\x80\x98Certified Information Security Manager\xe2\x80\x99 (CISM) certifications.