Cybersecurity Governance, Risk, and Compliance Sr. Manager

Job Purpose Cybersecurity Governance, Risk, and Compliance Senior Manager is responsible for developing organizational cybersecurity framework for IT and OT—including, but not limited to, policies, standards, awareness program, compliance program, project portfolio, and security architecture. Governs cybersecurity structures and processes, manages cybersecurity risks, and assures compliance with the organization’s cybersecurity, risk management and related legal requirements.

Position Accountability Description Strategic Leadership

Develop and implement a strategic plan for the Cybersecurity Governance, Risk, and Compliance, ensuring alignment with organizational goals and the evolving cybersecurity landscape.

Oversee daily operations by managing team activities, resolving issues, and ensuring adherence to cybersecurity policies, maintaining smooth and efficient departmental functioning.

Establish and monitor key performance indicators (KPIs) to measure the effectiveness of the Cybersecurity Governance, Risk, and Compliance, driving continuous improvement and operational excellence.

Operational Excellence

Manage robust cybersecurity governance frameworks, defining risk management processes, ensuring compliance, guiding decision‑making, and setting risk tolerance levels.

Ensure adherence to regulations and industry standards by staying updated on evolving compliance requirements, conducting regular compliance assessments to identify gaps, and implementing corrective actions to align with best practices.

Lead the optimization of the efficiency of cybersecurity processes by automating routine tasks, reducing manual intervention, and improving the speed and accuracy of security operations, thus enhancing overall operational effectiveness.

Lead the enhancement of the incident response process by streamlining communication channels, reducing response times, and implementing clear protocols that ensure quick and effective resolution of cybersecurity incidents.

Conduct compliance assessment for DACO, third‑party and external vendor service providers.

Conduct comprehensive risk assessments to identify potential threats, vulnerabilities, and security gaps within the organization's systems, networks, and processes.

Develop and implement mitigation strategies to minimize risk exposure and enhance the overall security posture.

Lead the development and delivery of cybersecurity awareness programs to educate employees and stakeholders on best practices, emerging threats, and security protocols.

Ensure continuous improvement of awareness initiatives to foster a culture of security across the organization.

Monitor the implementation of the cybersecurity strategy to ensure achievement of objectives.

Oversee DACO systems compliance with cybersecurity, resilience, and dependability requirements.

Oversee the cybersecurity compliance processes and audits for third party services.

Oversee the implementation of the training and awareness activities at DACO.

Manage the development of cybersecurity architecture considering the critical business functions, baseline requirements and systems security requirements.

Ensure the effectiveness of the security mechanism for the protection of DACO data, systems and networks.

Perform other related duties as assigned and any additional ad‑hoc will be assigned as per work requirement.

Compliance and Best Practices

Integrate with stakeholders for effective control deployment, collaborating with internal teams and external partners. Promote engagement and communication for cybersecurity alignment and facilitate a cohesive approach to enhancing the security posture.

Control the effectiveness of cybersecurity controls through regular audits, identifying vulnerabilities, and areas for improvement. Strengthen defences against cyber threats proactively to ensure ongoing compliance with cybersecurity standards.

Manage and implement a comprehensive cybersecurity governance framework encompassing policies, procedures, and controls to guide the organization's cybersecurity strategy. This framework should define roles and responsibilities, establish risk management processes, and ensure alignment with regulatory requirements and industry best practices.

Ensure implementation of National Cyber Security Authority (NCA) guidelines, overseeing the alignment of operational processes and security measures with national cybersecurity directives.

Lead the management of comprehensive cybersecurity governance frameworks, including risk assessments, compliance checks, awareness program and internal audits, to strengthen the organization's security posture.

Collaboration and Communication

Integrate with legal and regulatory affairs to address cybersecurity legal compliance requirements, ensure data protection, and manage incident reporting obligations effectively. Stay informed about data privacy laws, regulations, and industry‑specific compliance mandates to align cybersecurity practices with legal requirements.

Lead cybersecurity awareness campaigns, communication strategies, and crisis management plans to enhance resilience, responsiveness, and recovery capabilities in the event of a cyber incident. Develop a communication strategy that educates employees, executives, and stakeholders about cybersecurity risks, incident reporting procedures, and security best practices.

Stakeholder Management

Lead cross‑functional teams in conducting thorough security assessments and audits to identify vulnerabilities, assess risks, and enhance the organization's overall security posture. Collaborate with IT, compliance, and business teams to address security gaps, prioritize remediation efforts, and drive continuous improvement in cybersecurity practices.

Integrate with key stakeholders, including senior leadership, department heads, and external partners, to align cybersecurity initiatives with business objectives and industry standards. Ensure that cybersecurity goals and strategies support the organization's mission and operational requirements.

Align incident response protocols and conduct regular tabletop exercises to simulate cybersecurity incidents, test response procedures, and evaluate the organization's readiness to manage breaches effectively.

Team Leadership and Development

Guide emerging cyber threats and trends by staying abreast of industry reports, threat intelligence sources, and cybersecurity forums. Analyse potential risks, vulnerabilities, and attack vectors to proactively develop mitigation strategies and enhance the organization's security defences.

Plan and deliver comprehensive cybersecurity training programs for employees at all levels of the organization. Design engaging and interactive training modules to raise awareness of cybersecurity risks, best practices, and compliance requirements.

Align continuous compliance assessments to ensure adherence to relevant regulations, standards, and industry best practices. Review regulatory requirements, compliance frameworks, and data protection laws to align cybersecurity practices with legal obligations and privacy mandates.

Innovation and Continuous Improvement

Optimize cybersecurity tools and technologies by evaluating, selecting, and implementing solutions that enhance the organization's security posture. Conduct regular assessments of security tools, technologies, and controls to identify gaps, weaknesses, and opportunities for improvement.

Manage metrics to measure the effectiveness of cybersecurity initiatives and track progress toward security goals. Develop a cybersecurity dashboard to monitor KPIs related to risk management, incident response, compliance achievements, security awareness, and overall security performance.

#J-18808-Ljbffr