Assistant Manager, Cybersecurity Architecture & Governance

Job Description:

1. Cybersecurity Architecture Governance, Strategy & Delivery

• Govern enterprise cybersecurity architecture standards, principles, and reference architectures across IT, OT, and cloud environments.
• Provide decision authority on security architecture designs, control implementations, and cybersecurity technology selections.
• Ensure all-digital, infrastructure, and OT initiatives comply with approved cybersecurity architecture, policies, frameworks, and regulatory requirements.
• Lead enterprise cybersecurity initiatives and transformation programs from planning through delivery, ensuring alignment with architecture, risk, and compliance objectives.
• Own the evaluation, procurement, deployment, and lifecycle governance of enterprise cybersecurity technologies, not limited to:
  • Endpoint and network security solutions
  • Zero Trust Architecture (ZTA) and Secure Access controls
  • Data Leak / Data Loss Prevention (DLP)
  • Mobile and Cloud Security platforms
• Define and maintain cybersecurity technology standards, configuration baselines, and system hardening requirements.
• Provide governance oversight to cross‑functional teams (IT, OT, Operations, Risk, Compliance, Vendors)
• Ensure cybersecurity initiatives are delivered within approved scope, timeline, and budget, with appropriate risk management and executive reporting.

2. Cyber Risk Management, Compliance & Assurance

• Own and govern the enterprise cyber risk management framework, including risk identification, assessment, prioritization, treatment, and reporting.
• Provide decision authority on cyber risk acceptance, compensating controls, and escalation to senior management.
• Ensure timely remediation of high‑risk vulnerabilities, audit findings, and penetration test results.
• Oversee compliance with applicable cybersecurity regulations, standards, and frameworks (e.g., ISO 27001, NIST, CIS Controls, GDPR, and local regulatory requirements).
• Act as a senior liaison for cybersecurity audits, regulatory inspections, and independent assessments.
• Provide executive‑level reporting on cybersecurity risk posture, control effectiveness, and program maturity.
• Ensure appropriate documentation, approvals, and audit trails for cybersecurity initiatives and risk decisions.

3. Cyber Analytics, Threat Intelligence & Investigation Oversight

• Provide governance and oversight for enterprise cyber analytics, threat detection, and investigation capabilities.
• Oversee the use of SIEM, security analytics, threat intelligence, and monitoring platforms to ensure effective detection of cyber threats and anomalous activities.
• Guide and review cybersecurity incident investigations, including root cause analysis, impact assessment, and containment strategies.
• Ensure cyber investigations follow approved procedures, legal, regulatory, and evidentiary requirements.
• Review investigation outcomes, lessons learned, and corrective actions to strengthen preventive and detective controls.
• Coordinate with internal stakeholders (IT, Legal, Risk, HR, Compliance) and external parties where required for major cyber incidents.
• Provide executive‑level reporting on significant cyber incidents, investigation outcomes, and risk implications.

4. Leadership, Stakeholder & Vendor Management

• Provide leadership and direction to cybersecurity engineering, operations, analytics, and investigation teams.
• Act as a senior cybersecurity advisor to business leaders, technology leadership, and operational teams.
• Drive consistent adoption of cybersecurity governance, accountability, and incident response discipline across the organization.
• Manage strategic relationships with cybersecurity vendors and Managed Security Service Providers (MSSP).
• Monitor vendor performance, SLA, KPI, and service quality, ensuring value realization and risk management.
• Champion a strong cybersecurity culture and risk‑aware mindset across IT, OT, and business units.

5. Strategic Planning & Continuous Improvement

• Monitor emerging cyber threats, threat actor trends, regulatory developments, and technology advancements impacting IT, OT, and cloud environments.
• Define and maintain the enterprise cybersecurity roadmap aligned with business strategy and digital transformation.
• Recommend and lead initiatives to enhance cybersecurity maturity, resilience, detection, investigation, and response effectiveness.
• Support long‑term cybersecurity capability planning, investment prioritization, and technology modernization.

Ideal Candidate

Education & Certification

• Bachelor’s degree in Information Technology, Cybersecurity, Computer Science, or a related field.
• Professional certifications are strongly preferred (e.g., CISSP, CISM, CCSP, CISA, ISO 27001 Lead Implementer/Lead Auditor).

Experience

• Minimum 10–12 years of experience in cybersecurity, information security, cyber risk, or incident response roles.
• Proven experience in cybersecurity governance, architecture decision‑making, cyber risk management, and project leadership.
• Strong exposure to enterprise cybersecurity technologies, including SIEM/SOC, security analytics, EDR, PAM, ZTA, DLP, and cloud security.
• Experience overseeing cybersecurity incidents, investigations, and executive‑level reporting.
• Experience managing cybersecurity audits, regulatory engagements, and senior stakeholder communication.
• Exposure to OT / industrial or plantation environments is a strong advantage.

Core Competencies

• Strong cybersecurity architecture, governance, and risk management expertise.
• Solid understanding of cyber threat analytics, incident investigation, and response governance.
• Excellent risk‑based decision‑making and executive communication skills.
• Ability to lead complex, cross‑functional cybersecurity initiatives.
• Strong vendor, budget, and performance management capabilities.
• Strategic mindset with practical execution and assurance focus.

To apply, please submit your resume and cover letter outlining your interest for this role.