Cybersecurity Governance, Risk, and Compliance Sr. Manager

Cybersecurity Governance, Risk, and Compliance Senior Manager is responsible for developing organizational cybersecurity framework for IT and OT including, but not limited to, policies, standards, awareness program, compliance program, project portfolio, and security architecture. Governs cybersecurity structures and processes, manages cybersecurity risks and assures compliance with the organization’s cybersecurity, risk management and related legal requirements.

• Develop and implement a strategic plan for the Cybersecurity Governance, Risk, and Compliance, ensuring alignment with organizational goals and the evolving cybersecurity landscape.
• Oversee daily operations by managing team activities, resolving issues, and ensuring adherence to cybersecurity policies, maintaining smooth and efficient departmental functioning.
• Establish and monitor key performance indicators (KPIs) to measure the effectiveness of the Cybersecurity Governance, Risk, and Compliance, driving continuous improvement and operational excellence.

• Manage robust cybersecurity governance frameworks, defining risk management processes, ensuring compliance, guiding decision-making, and setting risk tolerance levels. Lead the development and enforcement of cybersecurity frameworks effectively to protect organizational assets.
• Ensure adherence to regulations and industry standards by staying updated on evolving compliance requirements, conducting regular compliance assessments to identify gaps, and implementing corrective actions to align with best practices.
• Lead the optimization of the efficiency of cybersecurity processes by automating routine tasks, reducing manual intervention, and improving the speed and accuracy of security operations, thus enhancing overall operational effectiveness.
• Lead the enhancement of the incident response process by streamlining communication channels, reducing response times, and implementing clear protocols that ensure quick and effective resolution of cybersecurity incidents.
• Conduct compliance assessment for DACO, third parties and external vendor service providers.
• Conduct comprehensive risk assessments to identify potential threats, vulnerabilities, and security gaps within the organization's systems, networks, and processes.
• Develop and implement mitigation strategies to minimize risk exposure and enhance the overall security posture.
• Lead the development and delivery of cybersecurity awareness programs to educate employees and stakeholders on best practices, emerging threats, and security protocols.
• Ensure continuous improvement of awareness initiatives to foster a culture of security across the organization.
• Monitor the implementation of the cybersecurity strategy to ensure achievement of objectives.
• Oversee DACO systems compliance with cybersecurity, resilience, and dependability requirements.
• Oversee the cybersecurity compliance processes and audits for third party services.
• Oversee the implementation of the training and awareness activities at DACO.
• Manage the development of cybersecurity architecture considering the critical business functions, baseline requirements and systems security requirements.
• Ensure the effectiveness of the security mechanism for the protection of DACO data, systems and networks.
• Perform other related duties as assigned and any additional ad-hoc will be assigned as per work requirement.

• Integrate with stakeholders for effective control deployment, collaborating with internal teams and external partners. Promote engagement and communication for cybersecurity alignment and facilitate a cohesive approach to enhancing the security posture.
• Control the effectiveness of cybersecurity controls through regular audits, identifying vulnerabilities, and areas for improvement. Strengthen defences against cyber threats proactively to ensure ongoing compliance with cybersecurity standards.
• Manage and implement a comprehensive cybersecurity governance framework encompassing policies, procedures, and controls to guide the organization’s cybersecurity strategy. This framework should define roles and responsibilities, establish risk management processes, and ensure alignment with regulatory requirements and industry best practices.
• Ensure implementation of National Cyber Security Authority (NCA) guidelines, overseeing the alignment of operational processes and security measures with national cybersecurity directives.
• Lead the management of comprehensive cybersecurity governance frameworks, including risk assessments, compliance checks, awareness program and internal audits, to strengthen the organization’s security posture.

• Integrate with legal and regulatory affairs to address cybersecurity legal compliance requirements, ensure data protection, and manage incident reporting obligations effectively. Stay informed about data privacy laws, regulations, and industry-specific…