Head of Section, Information Security

Head of Information Security

The Head of Information Security serves as the process owner of all assurance activities related to the availability, integrity and confidentiality of customer, business partner, employee and business information in compliance with the organization's information security policies. A key element of the Head of Information Security’s role is working with executive management to determine acceptable levels of risk for the organization. This position is responsible for establishing and maintaining a corporate-wide information security management program to ensure that information assets are adequately protected.

You are: (personality / competencies etc.)

We are looking for someone who can handle multiple functional roles, the main one would be GRC (Governance, Risk and Compliance) function with knowledge of Security tools/Technologies and SOC experience.

You will responsible for protecting the organization’s networks and data against threats by building understanding and awareness of security issues throughout the organization and working collaboratively to develop security solutions.

Typically includes knowledge of the following functions:

• Data Security
• Cyber Security 
• Security Architects
• Information Security Governance

• An independent person who can lead and project manage tasks and deliverables within an established timeline
• Result oriented and resourceful in delivering results
• Good communication and analytical skills

You’re Responsibilities: (What is this role all about? What does the applicant have to do?)

• Develop, implement and monitor a strategic, comprehensive enterprise information security and IT risk management program
• Work directly with the business units to facilitate risk assessment and risk management processes
• Develop and enhance an information security management framework
• Understand and interact with related disciplines through committees to ensure the consistent application of policies and standards across all technology projects, systems and services
• Provide leadership to the enterprise's information security organization
• Partner with business stakeholders across the company to raise awareness of risk management concerns
• Assist with the overall business technology planning, providing a current knowledge and future vision of technology and systems
• Implement Digi’s cyber security strategy and framework, explore and recommend the latest available technologies on cyber resilience, advance Digi’s cyber security posture proactively, regularly report on cyber security performance and perform financial budgeting for security to achieve Digi’s cyber resilience vision and desired security posture
• Represent Digi when dealing with external parties such as law enforcement agencies, customers, partners, Participants, service providers, the general public on cyber resilience related matters
• Increase Digi’s cross functional capability to manage security
• Establish and embed cultural and behavioral goals in the cyber security strategy
• Review and update remuneration structures to ensure enough emphasis is placed on cyber security to adequately support the goal to achieve the cyber security strategy
• Develop a cyber security threat model / landscape to help guide use-case tuning, security reporting and incident response
• Establish automated patch management reporting to security management and review the thresholds to reflect the changes in cyber threat landscape.
• Ensure crisis communication media training, inclusive of press conferences and media interviews, is adequately conducted for senior management and re