Head of Cyber Risk, Policy & Assurance

Kuala Lumpur - RedQ

AirAsia

Download AirAsia MOVE today and get only the best deals on flights, hotels, ride and more! Completing your travel, all in one app.



Job Description

OVERVIEW:

  • Department: Information Security

  • Entity: Capital A Group, KL, Malaysia

  • Status: Full-time

YOUR ROLE AS A:

As a key member of the Cyber and Information Risk Management function for the group of companies, this role is accountable for information and cyber risks and security in the AirAsia Group and Capital A Group as an independent Assurance Line-of-Defence 2 (LOD2) function. 

As the Head of Cyber Risk, Policy & Assurance, you will be accountable for leading cyber threat identification, risk management processes, and policy and control definition for the AirAsia Group and Capital A Group of companies within the Cyber Security function, delivering a holistic Enterprise Cyber Risk view, as well as operationalising the Cyber Risk Management function within the groups.

You will work closely in coordination with Business CISOs, Head of Cyber Architecture & Strategy, Head of Cyber Defence, Group Risk, Legal, Procurement, and engineering/technical/IT teams across the portfolio of companies.

In this role, you will also represent and participate in external engagements to assure alignment with regulators and industry peers.

WHAT YOU’LL CHAMPION:

Cyber security is an ever-evolving risk to all major organisations, with new threats appearing on a regular basis. This role must create a strong network both internally and externally in order to understand those threats and ensure the organisation as a whole has the flexibility to respond quickly and efficiently to new threats. In this role, you will:

  • Lead the enterprise Risk, Assurance, Policy and Threat team; lead CYBER SECURITY Risk & Assurance across the Group Companies.

  • Be the single point of accountability for Group Risk, Assurance processes, Control Framework, Security Policies, threat analysis and Enterprise Risk Visual.

  • Drive Risk methodology developments, maturity of the Risk, Policy & Assurance function & processes.

  • Be the custodian of the Cyber Risk, Assurance, and Security processes in the CYBER SECURITY function.

  • Drive Cyber Behaviour change programs to ensure Group staff are aware of the threats and prepared by practising Cyber behaviours. Continuously assess via the Phishing tests and validation of some user behavioural controls.

  • Be accountable for the Risk and assurance processes, ensure maintenance of risk register in a standardised manner across Capital A, and its suppliers, and enable reporting of risk policies (Including the Business Information Risk Process). 

  • Be accountable for raising awareness and understanding of risks and threats within the CYBER SECURITY Function & LT by actively supporting the Business CISOs and CYBER SECURITY leads.

  • Ensure risk remediation and status of the mitigation actions in coordination with Business CYBER SECURITY, ICT & business teams. 

  • Work closely with Business Cyber Security Risk teams to apply Controls and Assurance processes as designed. Ensure active communication of the identified Cyber Risks with Business CIOs, ICT, and Businesses to manage the gaps/findings actively.

  • Drive development of Policies and Business adaptation of Policies and related CYBER SECURITY behaviours within IT functions and businesses.

  • Act as an advisor to Group CISO on all information Risk, Assurance, threat matters, and management in control status reporting (including all assurance inputs).

  • Ensure delivery of Business Risk Management capabilities such as Business Risk teams, Cyber risk reporting, and interface with key assurance stakeholders.  

  • Be an active & participating member of the CYBER SECURITY LT, contributing to the decisions of the function. Ensure your team operates according to the CYBER SECURITY function's strategies and has a robust framework.

  • Be the custodian of the Cyber Risk Management Digital Tool system and ensure high data quality in the Digital Risk Platform.

  • Chair the Cyber Risk Council that arbitrates on risks and controls issues within Capital A and calibrates the Digital Controls Framework.

  • Identify and incorporate CYBER SECURITY implications of new Legal and Regulatory developments (e.g. Data Privacy)

  • Maintain close link with the Cyber Defence Team, Strategy & Programme, and Corporate Security to identify new risks and agree mitigation priorities

WHO YOU ARE:

  • A recognized, trusted and respected leader, able to influence without direct line management control and lead significant change across the organisation through dotted line leadership.

  • Regarded as a role model in the areas of motivating and developing staff.

  • At least 10 years of experience in Information Security

  • Proven skills to manage a team of CYBER SECURITY experts with direct and indirect reports across Capital A IT.

  • Collaborative working and out-of-the-box thinking 

  • Leadership behaviours to enable change and development of the Cyber Risk Management team with energy and passion.

  • Be a champion for a risk-driven approach to risk mitigation and control implementation

  • Understands the significance of commercial constraints. Commercial mindset and external focus.

  • Comfortable working with complex, ambiguous and incomplete information and leading others through uncertainty.

  • Sense of realism and pragmatism, openness and approachability

  • Demonstrates strong interpersonal skills. Able to operate in a virtual global environment

  • Skilled in simplifying complex problems, achieving buy-in to the solutions and communicating clear, actionable plans

  • Is effective and persuasive in both written and oral communication.

  • Proven track record in CYBER SECURITY Risk Management 

  • Having worked across different businesses would be an asset.

WHAT YOU’LL ENJOY:

  • Physical Wellbeing: Key medical and insurance benefits, maternity expenses, flexible work arrangement, and health and fitness amenities.
  • Emotional Wellbeing: Paid time off, wellness programmes, and childcare amenities.
  • Financial Wellbeing: Resources relating to financial, personal skills and career growth programmes.
  • Allstars Specials: Free flights, unlimited discounted flights, and exclusive discounts with partners.
  • A unique Allstar culture like no other

  

OUR HIRING PROCESS:

  • Application received
  • Candidate screening
  • Interview(s) and assessment(s)
  • Background check and/or other assessments
  • Offer and negotiation

Tags: CISO Privacy Risk management Strategy

Perks/benefits: Career development Fitness / gym Flex hours Flex vacation Health care Unlimited paid time off Wellness

Region: Asia/Pacific
Country: Malaysia
