Vice President, Cybersecurity

**Overview of the Team**

You'll be working in the Cybersecurity Department and reporting directly to the CISO.

The increasing reliance of businesses on technology means that cybersecurity and technology risk management is a strategically important function within Temasek. The implementation of an effective Governance, Risk and Compliance framework to manage the technology, cyber and data security risks across the enterprise will enable Temasek to be better prepared to mitigate and manage these risks in the face of evolving cybersecurity threats.

**Roles & Responsibilities**
- The role will work closely with the CISO to carry out technology governance risk and compliance (GRC) activities as an independent oversight on technology and business units' compliance with the cyber and technology risk management (TRM) policies and standards.
- Advise technology and business partners on whether their proposed technical solutioning complies with Temasek’s technology policies and cybersecurity architecture
- Maintain and perform annual/regular reviews of the TRM and cyber policies and related risk assessment, third-party vendor management, and system and criticality assessment frameworks to ensure relevancy and effectiveness
- Drive effective implementation and communication of technology risk management and cyber policies, standards and guidelines
- Provide independent technology and cyber risk management advice to the business, technical & operations groups to contribute towards secure implementation of technology initiatives
- Drive the review and enhancement of third party vendor risk management and establish a holistic framework and structure to manage this risk
- Identify and assess the impact of technology risks on projects and ensure mitigation strategies and effective controls are established by business/technology units to mitigate technology risks arising from initiatives and processes
- Proactively partner risk owners and manage risks to minimize impact from incidents, breaches or non-compliance
- Deliver technology risk oversight to CISO and Senior Management using data-driven risk reports and ensure maintenance of cyber risk register
- Contribute to assessment of vendor risks via pre-contract due diligence processes and ensure development of mitigation plans by Business units
- Conduct regular communication and refresher trainings to maintain a good level of cybersecurity and information risk awareness
- Support incident response and carry out any other tasks as assigned

**Requirements**:

- At least 10 years of relevant experience in the field of policy formulation, GRC, cybersecurity and technology risk management
- Bachelor’s degree in in engineering, information technology/security, cybersecurity and related field. Professional information security certifications such as CISSP, CCSK, CCSP an advantage
- Prior IOT/OT security and knowledge will be an advantage
- Possess strong prior experience and knowledge in governance, risk management and compliance experience. Experience in cyber strategy and policy formulation and cyber programme execution will be an advantage
- Good knowledge in industry security practices, frameworks, and standards such as MAS TRM, ISO27001, Cybersecurity Code of Practice, and NIST Cybersecurity Framework
- Strong communication, interpersonal and leadership skills, with proven ability to manage multiple priorities, drive project teams and collaborate across business units and partners to achieve desired end-goals.

**Soft Skills**
- Possess an inquisitive, structured, and logical mind to drive end-to-end strategy development and implementation
- Strong analytical and problem-solving abilities
- Ability to lead project teams as well as work independently to organize, manage and complete projects
- Excellent cross-group and interpersonal skills, with the ability to communicate with technical and non-technical teams
- Excellent communication, presentation, and advisory skills, capable of engaging senior stakeholders

Result-oriented and assertive