Tata Communications Limited

General Manager - Global Information Security

4.0 / 5
Mumbai, Full-time
18 hours ago
On-Site

About the job

- Establish comprehensive security and data privacy risk lifecycle management charter and adoption of security risk framework across the organisation
- Establish 2nd line of defence for independent validation and assurance of organisation's security posture and risk exposure
- Continuous assessment of security and data privacy risks across technology environment and business processes
- Recommend and execute strategic risk reduction and mitigation plan in collaboration with business stakeholders
- Govern security and data privacy risk posture, providing assurance to maintain risk exposure under pre-defined acceptable thresholds
- Establish, drive adoption, govern adherence of security policies, maintain regulatory compliance assurance across organisation, supporting audits and industry certifications
- Collaboration with business stakeholders and executive leadership on risk awareness and risk management practices and shift-left for security risk decisions
- Cyber Risk Impact - Recommend, influence and facilitate decisions that directly affect organizational cyber resilience, regulatory compliance, and business continuity, which requires senior-level judgment and accountability
- Cross Functional Governance - Interface with BU Heads, GMC members, Executive leadership and Risk committee on the matter of security and data privacy risk decisions and assurance
- Regulatory & Strategic Complexity - Manage cyber security risk for global jurisdictions with ability to interpret and apply regulations strategically
- Agility for Business - Operate with a lean team while maintaining execution oversight, demonstrating leadership as well as execution guidance for middle management and operations teams
- Accountability - Ensure that risk accountability remains integrated into business and technology decisions, providing necessary leadership in risk governance forums
- Decision Authority - The role spans technology, operations and business functions to maintain risk posture, enforce risk acceptance/rejection and sign-off on residual risk exposure for business initiatives
- Strong critical and analytical thinking with quantitative cyber risk analysis and modelling capability
- Knowledge of cyber risks and business impact assessment techniques and frameworks
- Regulatory compliance cybersecurity controls analysis and interpretation for technology and business processes
- Expertise to align cyber risk decisions with business priorities
- Ability to perform with cross-functional engagement and influencing senior stakeholders
- Familiarity with AI security governance, data privacy risk management, and evolving technology practices
- Develop and maintain Cyber Risk Framework integrated with ERM
- Align security controls with business criticality and regulatory requirements
- Conduct periodic technology risk assessments for controls effectiveness across infrastructure, networks, applications, cloud, and identity across enterprise and BU products
- Lead threat modelling and control design reviews for new technology, AI and business initiatives, merger and technology partnerships
- Maintain Cyber Risk Register with quantitative risk scores such as FAIR or CVSS
- Evaluate third-party and supply chain risks including SaaS, cloud and technology service partners
- Establish cyber risk appetite and key risk indicators (KRIs) linked to business tolerance levels
- Govern implementation of baseline security controls (e.g. CIS, NIST, ISO) across technology environment and business processes
- Conduct periodic control assurance reviews and validate effectiveness of compensating security and data privacy controls
- Manage regulatory compliance mapping: ISO 27001, SOC 2, Global Telecom and Data Privacy regulations
- Oversee risk-based audit readiness and support IA and regulatory audits
- Maintain risk mitigation plans and ensure timely closure of non-compliance or audit gaps
- Develop and maintain cyber risk dashboards and recommended risk posture improvement plans for BU, CISO, CRO, and Board committees
- Conduct cyber risk workshops and tabletop simulations with BU leadership for actionable risk insights
- Provide executive insights on risk trends, threat landscape, and cyber resilience
- Lead post-incident risk assessment, lessons learned reviews and CAPA
- Workflow automation for risk tracking and issue remediation
