What you do:
In this Security Governance role, you will be responsible for:
- Ensure the effective implementation of security governance practices within the organization.
- Conduct the development and maintenance of security policies, standards, processes and procedures to ensure compliance with industry regulations and best practices.
- Develop security baselines that establish minimum security requirements for existing and streamlined technologies.
- Conduct static and dynamic security testing and interpret the technical vulnerabilities identified through it, including penetration testing results.
- Oversee the design and implementation of security controls to protect company assets and data.
- Conduct regular assessments and audits to identify security risks and vulnerabilities, and develop mitigation strategies.
- Collaborate with cross-functional teams to ensure alignment of security governance objectives with business goals.
- Serve as a point of contact for internal and external stakeholders regarding security governance matters.
- Establish and maintain an effective security awareness training program that increases employee understanding of, and adherence to, security policies and procedures.
- Develop and implement comprehensive security policies, standards, and procedures that align with industry regulations and best practices.
- Develop and manage a robust security program management framework and calendar that ensures timely execution of security initiatives and proactive risk management.
- Identify and mitigate security risks through thorough assessments, implement effective controls, and continuously monitor and update security measures.
- Coordinate with internal and external stakeholders to address security governance requirements, respond to audits, and meet regulatory compliance obligations.
What you need to succeed in this role:
- 6+ years work experience in cybersecurity engineering roles, preferably for banking and payment companies or similar industries.
- Strong communication and organization skills.
- Good understanding and knowledge of information security fundamentals.
- Familiarity with network security and information systems security principles and best practices.
- A solid understanding of protocols and the ability to plan for and handle situations that arise while interfacing with, communicating with, and supporting auditors, regulators, and reviewers.
- Capable of providing expert advice on appropriate mitigation actions or compensating controls, considering the risk level associated with each identified issue.
- In-depth knowledge of security governance principles, frameworks, and best practices, including a strong understanding of Governance, Risk, and Compliance (GRC) principles and methodologies.
- Proficient in managing security issues, conducting root cause analysis, and formulating comprehensive action plans for mitigation. Capable of advising appropriate and effective solutions to address each identified security issue.
- Strong understanding of security risk assessment methodologies and the ability to develop effective risk mitigation strategies.
- Excellent communication and interpersonal skills to effectively collaborate with stakeholders at all levels of the organization.
- Analytical mindset and problem-solving abilities to identify and address security gaps.
- Knowledge of security frameworks such as ISO 27001, NIST Cybersecurity Framework, or COBIT.
- Familiarity with OWASP and global standards as references for vulnerability assessment.
- Expertise in conducting security baseline development to establish minimum security requirements for systems, networks, and applications.
It would be great if you have:
- Any security, audit, or compliance-related certification, e.g., Associate of (ISC)², CISSP, CISA, CRISC, CISM, CompTIA Security+, ISO/IEC 27001.
- Experience with security, audit, and compliance contexts, e.g., PCI DSS, SOC 2, SOX, SEC, GDPR, PDPA, and ISO/IEC 27001.
- Experience in managing security incidents and conducting incident response activities.
- Understanding of modern IT infrastructure: cloud environments (AWS preferred), Linux containers, and orchestration systems (Kubernetes).
- Familiarity with cloud security, network security, and emerging technologies.
- Familiarity with security governance tools and technologies.