Head of Cyber Risk, Policy & Assurance
Kuala Lumpur - RedQ
AirAsia
Job Description
OVERVIEW:
Department: Information Security
Entity: Capital A Group, KL, Malaysia
Status: Full-time
YOUR ROLE AS A:
As a key member of the Cyber and Information Risk Management function for the group of companies, this role is accountable for information and cyber risks and security in the AirAsia Group and Capital A Group as an independent Assurance Line-of-Defence 2 (LOD2) function.
As the Head of Cyber Risk, Policy & Assurance, you will be accountable for leading cyber threat identification, risk management processes, and policy and control definition for the AirAsia Group and Capital A Group of companies within the Cyber Security function, delivering a holistic Enterprise Cyber Risk view, as well as operationalising the Cyber Risk Management function within the groups.
You will work closely in coordination with Business CISOs, Head of Cyber Architecture & Strategy, Head of Cyber Defence, Group Risk, Legal, Procurement, and engineering/technical/IT teams across the portfolio of companies.
In this role, you will also represent and participate in external engagements to assure alignment with regulators and industry peers.
WHAT YOU’LL CHAMPION:
Cyber security is an ever-evolving risk to all major organisations, with new threats appearing on a regular basis. This role must create a strong network both internally and externally in order to understand those threats and ensure the organisation as a whole is flexible enough to respond quickly and efficiently to new threats. In this role, you will:
- Lead the enterprise Risk, Assurance, Policy and Threat team, and lead CYBER SECURITY Risk & Assurance across the Group Companies.
- Be the single point of accountability for Group Risk, Assurance processes, Control Framework, Security Policies, threat analysis and Enterprise Risk Visual.
- Drive Risk methodology developments and the maturity of the Risk, Policy & Assurance function and processes.
- Be the custodian of the Cyber Risk, Assurance, and Security processes in the CYBER SECURITY function.
- Drive Cyber Behaviour change programs to ensure Group staff are aware of the threats and prepared by practising Cyber behaviours. Continuously assess via phishing tests and validation of some user behavioural controls.
- Be accountable for the Risk and Assurance processes, ensure maintenance of the risk register in a standardised manner across Capital A and its suppliers, and enable reporting of risk policies (including the Business Information Risk Process).
- Be accountable for raising awareness and understanding of risks and threats within the CYBER SECURITY Function & LT by actively supporting the Business CISOs and CYBER SECURITY leads.
- Ensure risk remediation and track the status of mitigation actions in coordination with Business CYBER SECURITY, ICT and business teams.
- Work closely with Business Cyber Security Risk teams to apply Controls and Assurance processes as designed. Ensure active communication of the identified Cyber Risks with Business CIOs, ICT, and Businesses to manage the gaps/findings actively.
- Drive development of Policies and Business adaptation of Policies and related CYBER SECURITY behaviours within IT functions and businesses.
- Act as an advisor to the Group CISO on all information Risk, Assurance and threat matters, and on management in-control status reporting (including all assurance inputs).
- Ensure delivery of Business Risk Management capabilities such as Business Risk teams, Cyber risk reporting, and interface with key assurance stakeholders.
- Be an active and participating member of the CYBER SECURITY LT, contributing to the decisions of the function. Ensure your team operates according to the CYBER SECURITY function's strategies and has a robust framework.
- Be the custodian of the Cyber Risk Management Digital Tool system and ensure high data quality in the Digital Risk Platform.
- Chair the Cyber Risk Council that arbitrates on risks and controls issues within Capital A and calibrates the Digital Controls Framework.
- Identify and incorporate CYBER SECURITY implications of new Legal and Regulatory developments (e.g. Data Privacy).
- Maintain a close link with the Cyber Defence Team, Strategy & Programme, and Corporate Security to identify new risks and agree mitigation priorities.
WHO YOU ARE:
- A recognized, trusted and respected leader, able to influence without direct line management control and lead significant change across the organisation through dotted line leadership.
- Regarded as a role model in the areas of motivating and developing staff.
- At least 10 years of experience in Information Security.
- Proven skills to manage a team of CYBER SECURITY experts with direct and indirect reports across Capital A IT.
- Collaborative working and out-of-the-box thinking.
- Leadership behaviours to enable change and development of the Cyber Risk Management team with energy and passion.
- A champion for a risk-driven approach to risk mitigation and control implementation.
- Understands the significance of commercial constraints. Commercial mindset and external focus.
- Comfortable working with complex, ambiguous and incomplete information and leading others through uncertainty.
- Sense of realism and pragmatism, openness and approachability.
- Demonstrates strong interpersonal skills. Able to operate in a virtual global environment.
- Skilled in simplifying complex problems, achieving buy-in to the solutions and communicating clear actionable plans.
- Effective and persuasive in both written and oral communication.
- Proven track record in CYBER SECURITY Risk Management.
- Having worked across different businesses would be an asset.
WHAT YOU’LL ENJOY:
- Physical Wellbeing: Key medical and insurance benefits, maternity expenses, flexible work arrangement, and health and fitness amenities.
- Emotional Wellbeing: Paid time off, wellness programmes, and childcare amenities.
- Financial Wellbeing: Resources relating to financial, personal skills and career growth programmes.
- Allstars Specials: Free flights, unlimited discounted flights, and exclusive discounts with partners.
- A unique Allstar culture like no other
OUR HIRING PROCESS:
- Application received
- Candidate screening
- Interview(s) and assessment(s)
- Background check and/or other assessments
- Offer and negotiation
Tags: CISO Privacy Risk management Strategy
Perks/benefits: Career development Fitness / gym Flex hours Flex vacation Health care Unlimited paid time off Wellness