AVP - Cybersecurity Resilience and Governance
Key Accountability:
- Develop, update, and enforce IT security risk management policies and governance frameworks aligned with regulatory requirements and industry best practices.
- Collaborate with 1st Line of Defense and LHFG entities to ensure effective policy implementation and manage exceptions with clear risk justification.
- Lead independent IT security risk assessments, including threat modeling, vulnerability analysis, and risk quantification across systems, applications, and infrastructure.
- Review and analyze risk registers, security incidents, and control effectiveness to provide timely assurance insights to senior management and governance committees.
- Oversee governance of critical security processes such as change management, security exceptions, and secure software development lifecycle (SDLC).
- Provide independent oversight of IT security architecture and design decisions to ensure compliance with security principles and frameworks.
- Monitor IT system availability risks, including assessment of business continuity (BCP) and disaster recovery (DRP) plans from a cybersecurity perspective, ensuring organizational resilience.
- Engage with cross-functional teams and risk committees to communicate IT security risks and gaps and to recommend mitigation strategies.
Qualifications:
- Bachelor's degree or higher in Cybersecurity, Information Technology, Computer Science, or a related field.
- 5-8 years of experience in IT security, risk management, or independent assurance.
- Familiarity with security frameworks such as ISO 27001, NIST, and governance models like the Three Lines of Defense.
- Knowledge of security technologies, including SIEM, cloud security platforms (AWS, Azure), and data loss prevention (DLP) solutions.
- Strong analytical skills with the ability to independently provide risk-based assessments and recommendations.
- Relevant security certifications (e.g., CISSP, CISA, CRISC) are a plus.
Contact Person: Karita (096-912-1035)