Key Responsibilities:
Enterprise IT Risk Assessment & Control Framework Oversight
- Lead the identification, evaluation, and mitigation of IT and cybersecurity risks across infrastructure, applications, and data assets.
- Define and manage control frameworks to address key risk areas, particularly in cloud, hybrid, and multi-tenant environments.
- Conduct executive-level risk assessments and deliver control strategies to reduce vulnerabilities and ensure operational integrity.
- Oversee business impact analyses, risk appetite assessments, and integration of risk controls into broader IT governance.
Security Operations & Incident Oversight
- Provide strategic direction and oversight to Security Operations Center (SOC) activities and security monitoring initiatives.
- Lead high-severity incident management efforts, ensuring timely escalation, communication, and root cause analysis.
- Evaluate detection and response capabilities and implement enhancements for real-time threat intelligence and response workflows.
- Define SOC performance metrics and ensure adherence to service-level agreements and best practices.
Compliance Management & Regulatory Alignment
- Lead enterprise compliance efforts with international and local regulations and industry standards (GDPR, Law 25, PIPEDA, ISO 27001, PCI DSS).
- Develop and maintain governance models, internal controls, and audit mechanisms to ensure regulatory readiness.
- Manage client-facing and internal audit engagements, ensuring timely resolution of compliance gaps and issues.
- Act as a strategic liaison between technical teams, compliance officers, and legal counsel.
Data Privacy & Protection Governance
- Oversee the design and implementation of robust data protection programs, including encryption, anonymization, and access controls.
- Ensure organizational adherence to privacy laws through formal policies, data protection impact assessments (DPIAs), and secure data lifecycle management.
- Collaborate with Data Protection Officers (DPOs) and client stakeholders to operationalize privacy-by-design principles.
Crisis Management & Business Continuity Leadership
- Lead enterprise crisis response planning and business continuity initiatives, including scenario testing and tabletop exercises.
- Provide senior guidance during major cybersecurity incidents or breaches, ensuring minimal business disruption and timely recovery.
- Evaluate and enhance continuity plans to account for evolving threats and operational dependencies.
Security Awareness, Training & Stakeholder Engagement
- Develop organization-wide training programs to promote security best practices and compliance awareness.
- Deliver executive workshops and functional team training on cybersecurity risks, policy compliance, and secure operations.
- Foster a culture of accountability and security ownership across business units and client organizations.
Strategic Threat Intelligence & Regulatory Monitoring
- Monitor emerging cybersecurity threats, evolving attack vectors, and global regulatory developments.
- Translate external intelligence into actionable internal strategies, technology investments, and control adjustments.
- Provide forward-looking guidance to leadership and clients to stay ahead of regulatory and technological shifts.
Reporting, Governance, and Executive Communication
- Oversee the creation of risk dashboards, compliance status reports, and security performance metrics for executive audiences.
- Present complex security and compliance concepts to senior stakeholders in a clear and actionable manner.
- Support board-level reporting and contribute to security strategy development in alignment with corporate objectives.