Leads the enterprise Cyber Security Compliance Center by setting strategic direction for Information Security Management System (ISMS) governance, audit and assurance, identity and access management, and asset governance. Ensures sustained regulatory compliance, audit readiness, and continuous improvement of security controls across the organization through strong governance, disciplined remediation, and effective stakeholder engagement.
Cyber Security Compliance & Assurance
- Directs enterprise ISMS governance, ensuring effective design, implementation, and continuous improvement in alignment with ISO/IEC 27001 and applicable regulatory and contractual requirements.
- Manages internal, external, and regulatory audit programs, ensuring audit readiness, quality execution, timely closure of findings, and sustainable remediation of compliance gaps.
- Establishes audit governance frameworks, metrics, and reporting to provide transparency on compliance posture and control effectiveness.
Identity, Access & Asset Governance
- Governs enterprise-wide Identity and Access Management (IAM), ensuring secure, compliant, and efficient access to systems and data across the organization.
- Drives adoption of IAM technologies, automation, and control enhancements to support auditability, least‑privilege access, and segregation of duties.
- Oversees asset management and classification governance, ensuring accurate asset identification, valuation, ownership, and registry integrity across the asset lifecycle.
Risk, Control Alignment & Regulatory Conformance
- Ensures alignment of ISMS, asset, and access controls with enterprise risk management, regulatory obligations, and industry standards.
- Interprets evolving regulatory and standards requirements and translates them into practical, auditable control and process enhancements.
Program & Delivery Oversight
- Ensures timely, high‑quality delivery of compliance assessments and security initiatives in collaboration with Capability and Delivery teams.
People Leadership & Center Management
- Leads, mentors, and develops ISMS auditors, IAM, and asset governance teams, fostering a culture of accountability, continuous improvement, and audit excellence.
- Provides regular performance feedback, supports professional development, and ensures effective succession planning for critical roles.
Operational & Strategic Support
- Provides leadership and subject‑matter expertise for additional initiatives as assigned, ensuring alignment with organizational priorities and cybersecurity strategy.
Qualifications
EDUCATION
- Bachelor's degree in Information Technology, Computer Science, Engineering, Accountancy, or any related course/discipline.
- Post‑graduate studies or professional training in Cybersecurity, Risk Management, Audit, or Governance is an advantage.
WORK EXPERIENCE
- Over 5 years of progressive leadership experience in IT and cybersecurity, with strong specialization in ISMS, audit and assurance, Governance, Risk, and Compliance (GRC)
- Proven expertise in leading enterprise‑wide internal, external, and regulatory audits aligned with ISO/IEC 27001 and NIST CSF, including audit readiness, remediation, and issue closure.
- Demonstrated ability to work across business, technology, and risk teams to strengthen security control maturity and maintain alignment with evolving regulatory and industry standards.
