Ensure that cybersecurity architecture design is aligned with the organization's cybersecurity strategy.
Evaluate development of new systems and processes to ensure that appropriate security controls are implemented.
Identify alternative cybersecurity strategies to address organizational security objective.
Identify the implications of new technologies and upgrades on cybersecurity across the organization.
Review and, if appropriate, approve cybersecurity capabilities of proposed new technologies prior to organizational adoption.
Ensure that information relating to the organization's cybersecurity is appropriately managed, evaluated and shared.
Ensure that all documentation relating to network security is developed, issued and maintained.
Ensure that cybersecurity requirements are included as appropriate in any procurement action.
Identify potential security incidents and report as necessary.
Manage the regular review and maintenance of the organization's cybersecurity policy and associated documentation.
Ensure that appropriate actions are taken to mitigate the risk in the event of a cybersecurity incident.
Use internationally available documentation relating to cybersecurity implementation to inform and enhance organizational documentation.
Review the effectiveness and efficiency of the procurement function in ensuring that cybersecurity requirements and supply chain risks are addressed as necessary and make improvements where necessary.
Ensure cybersecurity requirements of all information technology systems are determined.
Participate in the acquisition process as necessary and ensure that appropriate supply chain risk management practices are adopted.
Develop and maintain appropriate cybersecurity policies and related documentation to ensure the organization's critical infrastructure is appropriately protected.
Ensure that cybersecurity assumptions are reviewed on a regular basis.
Obtain relevant resource to implement and maintain the cybersecurity aspects of an effective business continuity plan.
Communicate relevant changes in the organization's cybersecurity posture to senior management.
Ensure that cybersecurity requirements for IT are aligned with the organization’s cybersecurity strategy.
Ensure the effective communication of cybersecurity threats and mitigations to interested third parties.
