Chief Information Security Officer

The Chief Information Security Officer develops and drives the vision for the information security function. He/She acts as the authority for the development and enforcement of organizational security strategy, standards and policies, and has ultimate responsibility for ensuring the protection of corporate information. He guides the design and continuous improvement of the IT security architecture and Cyber Risk Maturity Model that balance business needs with security risks. He advises the board and top executives on all security matters and sets directions for complying with regulatory inquiries, legal and compliance regulations, inspections and audits. He is an expert in cyber security compliance standards, protocols and frameworks, as well as the Cyber Security Act 2018. He keeps abreast of cyber-related applications and hardware technologies and services, and is constantly on the lookout for new technologies that may be leveraged to enhance work processes, or which may pose potential threats. The Chief Information Security Officer is an inspirational and influential leader who displays sound judgement and decisiveness in ensuring that corporate information is well protected and secured. He is strategic in his approach toward resource management and capability development among his teams.

Skills and Competencies

Technical Skills & Competencies

Audit and Compliance
Proficiency Level
"Establish audit and compliance strategy and objectives for the organization, ensuring that the robustness of internal controls is strengthened"
5
Budgeting
Proficiency Level
"Endorse organizational financial and treasury management policies, systems, budgets and plans"
6
Business Continuity
Proficiency Level
"Define the optimal business continuity strategy and objectives for business continuity and contingency plans"
6
Business Needs Analysis
Proficiency Level
"Lead comprehensive analysis to understand underlying drivers and present a compelling business case for proposed IT solutions"
5
Business Performance Management
Proficiency Level
"Establish organizational guidelines for performance systems according to organizational mission and objectives"
6

Generic Skills & Competencies

Leadership
Proficiency Level
Lead by example at organisational level. Inspire, motivate and guide others to adopt a point of view, make changes or take action. Cultivate an open, cooperative and collaborative learning culture for the organization.
Advanced
Decision Making
Proficiency Level
Make decisions in a volatile and ambiguous setting using a structured process and limited sources of available information to achieve intended goals.
Advanced
Transdisciplinary Thinking
Proficiency Level
Synthesize knowledge and insights across disciplinary boundaries to aid strategic decisions and foster cooperation within and outside of the organization.
Advanced
Sense Making
Proficiency Level
Analyse data relationships, patterns and trends to gain important insights and make informed decisions.
Advanced

Critical Work Functions and Key Tasks

Formulate information security strategy

• Establish the organizational cyber security vision, strategy and underlying cyber security initiatives or programmes
• Align information security and information risk management strategy with business strategy
• Provide strategic, budgetary and administrative advice for implementation of information security strategy
• Drive security awareness and education on information security throughout the organization
• Advise senior management and key stakeholders on information security matters

Establish security architecture

• Oversee the development of information security and risk management policies, disaster recovery and business continuity plans
• Evaluate current information security practices to ensure compliance with IT standards and industry norms
• Oversee the implementation of appropriate plans to ensure compliance with regulatory, industry and regional mandates
• Establish and implement cyber security legal risk rules and guidelines in line with industry norms and standards
• Drive information security and risk management awareness training programmes

Establish security architecture

• Oversee the design of cyber security architecture and the overall Cyber Risk Maturity Model
• Establish Key Performance Indicators (KPIs) to assess the effectiveness of the security architecture
• Facilitate the development of a framework to measure the effectiveness of security programmes
• Review security architecture to ensure that it addresses technology shifts and threats

Manage cyber security incidents

• Act as a subject matter expert in cyber security investigations and analysis 
• Drive resolution of large scale security incidents 
• Lead the development of plans to address system vulnerabilities 
• Advise on responses to regulatory inquiries, inspections or audits 
• Present evidence for legal action arising from cyber security incidents 

Manage cyber security risks

• Oversee the development of cyber security risk assessment frameworks
• Advise business stakeholders on the different types of cyber risks and incidents along with the cyber security compliance standards
• Oversee the development and testing of disaster recovery and business continuity plans
• Drive compliance with international and national information security and privacy regulations
• Act as the organization’s liaison with external agencies in cyber security risk matters
