Design and implement a comprehensive cybersecurity and data governance framework aligned with standards such as NIST, ISO, COBIT, ITIL, and SOX.
Conduct risk assessments on technologies, business processes, and third-party vendors; recommend mitigation strategies and drive risk reduction to acceptable levels.
Lead the organization's risk management program, covering identification, evaluation, mitigation, and lifecycle tracking of cyber and data risks.
Integrate security by design into project lifecycles, reviewing documentation and testing plans to ensure security is embedded from inception to deployment.
Provide executive leadership with regular insights and recommendations on cybersecurity posture, internal control effectiveness, and regulatory compliance.
Ensure ongoing compliance with relevant cybersecurity laws, data protection regulations, and industry standards.
Create and manage cybersecurity awareness and training programs to foster a security-conscious culture across the organization.
Monitor emerging threats, regulatory changes, and best practices to continuously enhance the company's security and compliance capabilities.
Demonstrate strong cross-cultural collaboration and communication skills, effectively driving results across global teams and functions.
Job Requirements
Minimum of 8 years' experience in cybersecurity and data protection, with expertise in governance, risk management, compliance, application security, IT internal controls, and/or IT auditing.
Demonstrated success in designing and executing enterprise-wide cybersecurity programs.
Strong understanding of cybersecurity regulations, data protection laws, and industry standards.
Working knowledge of cloud security principles and practices.
Exceptional project management, analytical, and problem-solving capabilities.
Excellent communication skills with the ability to engage and influence stakeholders across various levels.
Bachelor's degree in Computer Science, Information Security, or a related discipline; advanced degree is a plus.
Professional certifications such as CISSP, CISM, CRISC, or CISA are highly valued.