Cyber Security Manager, Sg

COMPANY DESCRIPTION

**About the Company**

JERA Global Markets (JERAGM) is a leading utility-backed seaborne energy trader specialising in LNG, coal and freight. A joint venture between majority shareholder JERA Co., Inc. and EDF Trading, JERAGM’s shareholders are among the world’s largest utilities.

JERAGM operates one of the largest energy portfolios in the world which gives it an in-depth understanding of the way local, regional and international energy markets behave. These insights enable it to help its customers increase security of supply, optimise their portfolios and improve the risk management of their assets.

JERAGM LNG team manages the flexibility of over 35 million tonnes of supply each year, with structural access to both the European and North American gas markets. The coal team manages 60 million tonnes of supply each year for its shareholders and third-party customers and operates a major coal terminal in the Netherlands.

Headquartered in Singapore, JERAGM has a global talent pool of more than 250 people across offices located in four strategic locations: Singapore, Japan (Tokyo), the UK (London) and the US (Baltimore).

JERAGM is strongly capitalised with over US$500 million in paid up capital and a total equity of US$3 billion. JERAGM has retained its A+ Stable rating from R&I, attributable to a robust business model and solid financial base.

DESIGNATION : Cyber Security Manager, SG

RESPONSIBILITIES

**Position Description**:
To build and manage the cyber security function with blend of in-house skills and managed partner ecosystem towards managing the level of acceptable cyber risk exposure for JERAGM. Minimise the impact of security incidents by maintaining an effective response capability, collaborate and ensure alignment with JERA and EDFT Trading security policies and directives, support and enable secure business and IT-led change and lead the security teams across all JERAGM office locations.

**Main Responsibilities**:

- Risk Management_
- Maintain awareness of threat actor tools, techniques and procedures (TTP’s)
- Regularly assess the risk of cyber-attacks by leveraging industry frameworks (e.g., Mitre ATT&CK) and ‘Adversary Simulation/ Red Team’ assessments
- Maintain the Risk Register and Risk Treatment Plan
- Collaborate with Subject Matter Experts to research, develop and implement risk-mitigation strategies (people, process and technology) to counter current and emerging threats
- Deliver and/ or coordinate regular phishing simulations and cybersecurity awareness campaigns for JERAGM staff, contractors and consultants.
- Incident Response_
- Maintain an effective incident response capability comprising a Managed Detection and Response (MDR) service, incident response plan and procedures
- Coordinate regular incident response exercises
- Governance_
- Maintain the JERAGM Information Security policies and collaborate with JERA and EDF Trading counterparts for alignment opportunities.
- Maintain and enforce the company’s security policies, directives and standards
- On a risk based and practicable basis, implement mechanisms to measure compliance (and address non-compliance) with security controls
- Coordinate and/ or perform periodic user access reviews
- Define and report cybersecurity key performance indicators on a monthly basis
- Support internal and external audits and the development of remediation plans
- Assist in developing automation/controls/processes to remediate audit findings
- Provide security governance as part of change control process
- Team Management _
- Maintain a documented service catalogue with defined roles and responsibilities
- Proactively manage team resources to balance new demands whilst also delivering the agreed security strategy, services and compliance mandates
- Monitor/review/evaluate staff performance, develop staff (skills/competencies as well as mentoring/coaching), delegate and empower team members to achieve their objectives
- Manage the performance of security operations activities to within agreed targets and budget
- Provide thought-leadership and direction (both technical and people-focussed) for seeding and growing a DevSecOps culture within the organisation.
- Programme Management_
- Manage a continual improvement programme that reduces cyber risk, increases effectiveness and efficiency. Leverage agile methods such as Scrum/Kanban to manage tasks
- Sponsor, build the business case and drive delivery of security change
- Co-develop continuous integration and continuous delivery strategies ensuring security is embedded in the development and deployment of cloud services/solutions
- Manage the relationship between the security function and various stakeholders including but not limited to IT, HR, Compliance, Regulatory, Internal Controls, Group companies and third-party service providers
- Security Operations_
- Evaluate, implement or oversee the implementation of security tools and services
- Keep abreast of new