Own and oversees cyber security risk by proactively enforcing and executing an organizational cyber security risk and policy framework. Be accountable for establishing oversight of risk and risk mitigation across the Group. Responsible for providing consultation, tools, and training to IT departments to achieve the desired level of risk appetite implemented by IT, and an improvement in the overall cyber security risk posture of the organisation.
Job Accountabilities Linked to Objective Areas
1. Owns and drives implementation of a fit for purpose cyber security policy & cyber governance framework into the Group aligned with industry best practice. Own the liaison of IT to align with other policy bodies in the Group.
2. Ensure “exception” and “security change” management is in place for violations/deviations of policy.
3. Own 3rd party cybersecurity governance to oversee 3rd parties’ compliance Emirates group policies as well as own an inventory of 3rd parties accessing our IT estate.
4. Own Business & End-user cyber security and risk awareness across the Group. Own and drive implementation of a risk aware culture by our end-users.
5. Oversee IT’s cyber security risk posture and proactively drives remediation. Own a cyber security risk dashboard.
6. Drive industry best practice research for cybersecurity risk in alignment with other risk functions in the group such as e.g. group safety and internal audit.
7. Owns the transformation program towards a risk culture, security & privacy by design, to support agile development and risk-based cybersecurity governance.
8. Responsible for driving the groups cross functional cybersecurity strategy, risk based, catering for the different risk appetite across our businesses.
QUALIFICATIONS & EXPERIENCE
Professional Skills: ·