Cyber Security Governance Manager
Manage and co-coordinate cyber security activities regarding governance of ENOC information and cyber security efforts towards protecting the organization information assets and critical infrastructure. Manage and maintain the development of cyber security policies, monitor compliance directly or in coordination with the cyber security assurance team. Manage cyber risk management activities and compliance and assist in cyber security planning requirements as directed by Cyber Governance Senior Manager.
Strategy/Governance
coordinate with ENOC technology functions and other departments in order to ensure that cyber-security elements are embedded and taken into account in their strategic and operational plans.
Operational
Develop and enforce cyber-policies, procedures and standards that are in line with best practices and industry trends.
Manage the communication of cyber security policies and guidelines and ensure compliance.
Manage and implement cyber security metrics and reporting framework that measures the efficiency and effectiveness of the cyber security program.
Develop and facilitate a metrics and reporting framework to measure the efficiency and effectiveness of cyber security program
Develop and maintain cyber security architecture.
Act as the cyber security risk management liaison with IT/OT and other departments.
Report to ENOC's management with regard to risks, vulnerabilities and other security exposures, including misuse of information assets and noncompliance.
Work directly with business units and other internal departments and organizations to facilitate cybersecurity risk analysis and management processes, identify acceptable levels of residual risk.
Benchmark cyber security risk management practices of other organizations — particularly those in related industries or with similar business models
Monitor risk mitigation and coordination of policy and controls to ensure that risk owners are taking effective remediation steps.
Contribute and assist in the cyber security risk treatment plan.
Review external cyber security risk assessments, analyse the accuracy of the findings and report on them with actionable recommendations to Line manager and other relevant stakeholders.
Provide support and guidance for cyber security legal and regulatory compliance efforts, including audit support
Participate in the investigation of any potential unlawful or fraudulent action related to cyber security compliance, such as the intentional release of sensitive information or a related security breach
Manages relationship with the audit group. Receives audit findings, and manages the collection of responses and remediation plans with owners.
manage cyber security compliance control monitoring to ensure cyber compliance risks are managed to the appropriate level of acceptable residual risk.
Maintain an up-to-date understanding of industry best practices, and monitor the regulatory environment for developments that could require changes to ENOC established cyber security policies and practices
Manage the establishment and maintenance of a robust security awareness program
Act as cyber security awareness consultants for ENOC business units
Stakeholder Management
Build strong relationships and working collaboratively with internal/external stakeholders and customers to achieve objectives.
Education
Degree: Bachelor’s degree in Computer Science, Engineering or Business field or equivalent, Diploma with additional relevant experience.
MBA or Master’s degree in computer science, engineering, information security is preferable.
Required professional certifications: Professional certificate such as CISSP, CISM, C-CISO, GSEC.
Experience
8+ years of Information Technology experience.
4+ years of relevant working experience.
Working experience in multiple industries (e.g. Oil & Gas, Energy, Utilities, Retail, Government…) is preferable.
Working experience in managing cyber risk programs and assessments.
Working experience in managing information and cyber security awareness programs.
Working experience in working with cyber security policies, standards and guidelines.