Job Description

The Tech & Ops Lead will be responsible for securing the information asset and the enterprise through the governance, management, and operations of security technology and tools, security operations, processes, and pragmatic use of information security strategy and risk management.


This position reports to Senior Director, GIS.



Govern, supervise, and run the operation of information security technology platforms, solutions and controls in conjunction with the respective IT teams (e.g. IT Enterprise Infrastructure and IT Enterprise Application). Lead and manage the lean GIS Tech & Ops team and work closely with key people with security responsibilities in different functions in the IT organization and business units. Where necessary, develop pragmatic security guidelines and operational documents, review and suggest changes to existing infosec related processes and procedures to improve the overall security posture of the enterprise. Provide technical support and expertise for the risk management, audit, and compliance activities. Coordinate and participate in the resolution of outstanding security and IT audit issues related to security technology, controls, and operations. Develop and provide meaningful security reports and measurements to measure the performance of security controls and processes, identify improvement areas, and report to the management as necessary. Escalates issues and problems demanding management attention and resolution. Govern, manage, and work closely with the 24x7 Security Operations Center provider in monitoring and responding to the security threats and incidents across the organization. Lead and coordinate the incident response activities and team consisting of the internal teams and external parties (e.g. cyber breach coach and digital forensic investigator). Participate in the selection, implementation, and operation of information security technology and key infrastructure solutions that are aligned with the strategic objectives and priorities of the business, and ensure that they are compliant with approved / agreed security policies and requirements as well as relevant regulations. Take the lead on security projects, processes, and operational security. Participate and contribute to the development of technical information security architecture, strategy, and framework. Maintain a strong understanding of relevant security standards, security technology, and threats that may affect the organization. Where necessary, review and suggest new security technologies to strengthen the overall systems, network, and cloud security posture, and communicate to the relevant IT team leaders and security champions. * Assess existing critical IT infrastructure and applications to ensure they are protected from security exposures and they are monitored end to end. Provide mitigating recommendations for gaps identified.