JOB PURPOSE: Responsible for leading and improving cybersecurity governance and requirements for the entire enterprise. Capable of guiding and empowering decisions on cybersecurity matters by applying a risk-based and threat-aware approach. Defining and communicating cybersecurity governance with timely management reports on the applied security posture and controls. PRINCIPAL ACCOUNTABILITIES: Implementation of cybersecurity framework in accordance with industry standards and best practices to ensure they are up to acceptable industry standards and reasonable assurance of security of the computing environment. This encompasses the entire enterprise ecosystem, which is made up of IT, OT, and IoT. Manage and direct cybersecurity operations, including internal and external stakeholders. Produce and give cybersecurity governance reports as necessary. Consistently monitoring and being aware of industry standard best practices, such as NIST, and conducting gap analysis on current governance are necessary. Maintain and enforce IT-related corporate policies and SOPs to ensure proper governance and compliance. Liaise with other departments such as risk management, quality management, administration, SHE and external parties such as external auditors, security solution providers and industry practitioners to carry out the relevant governance and security activities. Develop soft skills and technical competencies required for team members for them to perform current tasks for sustainable capabilities and continuous improvement. Manage periodic security activities such as awareness & training program and vulnerability management. Provide consultancy or advisory services to other business units pertaining to IT governance, policy, standards, SOPs and security considerations when required. Develop and maintain the DRP / BCP together with other relevant business units and coordinate the periodic testing in order to be prepared if actual recovery activities need to be carried out. QUALIFICATIONS, EXPERIENCE, SKILLS AND COMPETENCY: Previously held a role in cybersecurity with a proven track record in managing cyber risks and governance for IT, OT, and IoT infrastructure. Bachelor's degree in IT, ICT, MIS, Computer Engineering or related fields with a minimum of seven (7) years of related work experience. Having CISSP, CISA, or CISM certification is an added advantage, along with knowledge of relevant industry standards and frameworks such as NIST, CoBIT, ISO/IEC, 27k, and ITIL. Proficiency in various security tools, systems, and technologies. Excellent communication skills in writing and speaking, that can be understood by audiences with or without technical backgrounds. Applicable to only Malaysian citizens. Deadline: 28 March 2024