Strategic Planning - define the Information and Cyber Security strategy that will provide the necessary controls and risk assurance to the organisation over the next 3-5 years.
- Map out the as-is landscape and define the main dimensions of the strategy. Align and bridge technical and business requirements.
- Develop and implement an information security program, which includes procedures and policies designed to protect enterprise communications, systems and assets from both internal and external threats.
- Manage the IT security budget.
- Develop strategies to handle security incidents, investigations, and report security breaches.
- Be able to convey complex topics in simple, straightforward language, verbally as well as in illustrations and documentation.
Risk Assessment - Lead or orchestrate 3rd party security audits and track progress against goals, leading the implementation of remedial actions following the assessment.
- Conduct periodic security risk assessments through 3rd party audits and maintain objectivity throughout the audit.
- Identify actions, assign owners and own if needed. Drive respective functional heads to ensure they are on top of the security agenda.
- Procure cyber and information security products and services.
Governance and Reporting - lead governance forums and agenda and conduct regular reporting on security.
- Talk in business forums about security threats and provide advice for handling and reducing threats.
- Investigate breaches and prepare security reports and dashboards.
- Regularly report on progress of strategy execution.
Leadership - build, coach and lead a lean, motivated and competent Information and Cyber Security team that can reliably deliver on the strategy, and that demonstrates values and behaviors.
- Hire people with the competency and skillset required to deliver on our strategic objectives, and build a high-performing team over the first 12 months.
- Build critical capabilities within the team, develop the team's specialist and relationship management skills, nurturing a mindset of partnering with the business.
- Lead and motivate the Information and Cyber Security team to consistently deliver on agreed goals/objectives.
Innovation and Digital - partner with Digital on how we can ride the wave in innovative cyber security solutions.
- Proactively scan the market for innovative solutions and opportunities that will preserve data integrity and business continuity.
- Partner with Digital to define how we can use cyber security solutions to put customers' and colleagues' minds at ease that we have taken all due care to preserve their confidentiality and data.
Collaboration and Relationships - work with the CIO and the wider global business to build a business continuity and security protection system.
- Work with business continuity and risk teams to specify and holistically manage disaster recovery and business continuity plans.
- Work with 3rd party providers to proactively mitigate all cyber and information security threats and risks.
- Work with business and technology stakeholders to proactively prevent threats from occurring.
- Keep a regular line of communication and alignment to other sub-functions of IT, and to other relevant stakeholders, e.g. Digital, functions.
- Display strong gravitas to work globally across IT, the wider business and to manage disparate personalities to achieve desired results.
- Operate with a large degree of ownership and a self-reliant mindset but also decide how and when to involve regional and global leadership.
- Become a trusted thought partner to the CIO providing input and challenge to key decisions.
- Demonstrate credibility and straightforward, professional communication at all times. Keep a clear line of communication and be transparent and open about challenges and successes.