Senior Manager, Cybersecurity

Key Accountability :

1. As a Senior Manager in the Awantec cybersecurity practice, the candidate will lead and manage teams to deliver security engagements with our clients. The candidate will contribute technical insights to client engagements.
2. An important part of the candidate's role will be actively establishing, maintaining, and strengthening internal and external relationships. The candidate will identify potential business opportunities for Awantec within existing engagements and escalate these as appropriate.
3. Contributing to developing the market for Cyber Security services across all sectors, identifying sales opportunities, and escalating these to senior management.
4. Working with prospective clients to identify opportunities, scope engagements, and create high-quality proposals.
5. Consistently deliver quality client services and manage expectations of client service delivery.
6. Demonstrate technical and risk capabilities and professional knowledge.
7. Assist Awantec client in evaluating, enhancing or developing, and managing their needs:

• Cybersecurity Management programs, including technology controls, process controls, and governance, risk and compliance elements
• Business Continuity and Disaster Recovery Management programs
• Data Protection and Privacy Management Programs
• Threat and Vulnerability Management programs
• Security Incident Detection and Response Management Programs
• Identity and access management programs

8. Proactively identifying and pursuing opportunities for further business and team growth.

Job Summary:

1. Perform client security risk and controls assessments and/or penetration testing to evaluate and analyse business threats, vulnerabilities, impacts, risks, and security issues.
2. Design and work on a cybersecurity framework based on the client's business objectives and strategy.
3. Imperatives of the client organization, including goals, vision, mission, and operational plans.
4. Designing and implementing data protection and privacy programs for our clients and supporting their business.
5. Evaluating our clients' data protection and privacy practices and conducting privacy Impact assessments.
6. Monitor processes and drive improvements in efficiency and quality of cybersecurity programs.
7. Assist in developing workflows for transitioning strategic plans into implementation plans and operational readiness.
8. Facilitate strategic planning initiatives, documentation, technical roadmaps and security tool rationalization.
9. Assist in designing the security client structure, including cyber defence.
10. Develop security policies, procedures, and standards based on the security strategy and roadmap.
11. Review of cybersecurity policies and processes to identify gaps in the design of controls based on a comprehensive assessment framework
12. Maintain continuous communication with key stakeholders to support the security strategy and plan and solicit feedback to enhance the programs and capabilities.
13. Conduct security process implementation reviews to assess security effectiveness and reporting.
14. Conduct Current State Assessment of cybersecurity practices against the defined controls and provide recommendations for the to-be state.
15. Run cybersecurity diagnostic assessments and develop programs for Cybersecurity skill development and enhancement.
16. Implement client security controls to realise the certification requirements and provide a technology roadmap based on the security strategy.
17. Assisting in delivering client projects, acting as a subject matter expert, or leading a team towards an excellent client experience.
18. Supporting and guiding our clients in adhering to the complex web of relevant national and international regulations (e.g. PDPA, Cyber Security Act 2024 (CSA 2024), NCII, Global Standards SO/IEC 27001, Cybersecurity Framework NIST etc.
19. Deploying processes and tools to help detect and prevent privacy breaches.
20. Ensuring a harmonized data protection and privacy approach by bringing together our clients’ stakeholders (e.g. legal, compliance, risk, HR, security, business functions…).
21. Assisting clients in privacy-related incident response activities.
22. Support the client’s team by acting as an interim team member, such as a data protection officer, security officer, security manager, or security analyst.

Qualification :

1. A bachelor’s degree in computer science, computer/ electrical engineering, information technology or a related field
2. Related professional certifications such as CISSP, CCSP, CISM, OSCP, etc
3. Relevant certifications, such as Google Professional Certification, e.g Professional Google Cloud Security
4. Exposure to Google cybersecurity products and solutions and other market security and solution product leaders, e.g, Mandiant, Chronicles, red/blue/yellow teaming solution.
5. Minimum of 8 years for Senior Managers with recent relevant work experience in information security or information technology discipline
6. Experience in client service delivery and the ability to manage multiple engagement teams and projects

Desired experience/exposure :

1. Penetration Testing: Simulating cyberattacks to identify vulnerabilities.
2. Application Security Assessment: Evaluating the security of software applications.
3. Data and Application Security: Protecting sensitive data and applications from breaches.
4. Cloud Security: Securing cloud environments and data.
5. Endpoint Security: Protecting devices from malware and unauthorised access.
6. Identity and Access Management: Managing user identities and access permissions.
7. IOT and OT Security: Protecting Internet of Things and Operational Technology systems.
8. Cybersecurity Risk Management: Developing and implementing strategies to manage and mitigate cybersecurity risks.
9. Red/Blue/Yellow Teaming: Using advanced adversarial techniques to test and improve security defences.
10. Business Continuity Management: Ensuring the continuity of business operations in the event of a cyberattack.
11. Security architecture – creating secure architecture designs for solutions, designing secure patterns for reuse and the delivery of architectural reviews using TOGAF or SABA
12. Security around emerging technology platforms – mobile device platforms (iOS, Android), cloud services (IaaS, PaaS, SaaS), Big Data, Social media
13. Security policies and procedures—Design and implement security policies, procedures, standards, and controls in accordance with
14. regulation and/or current standards, such as ISO27001, NIST, SANS, etc.
15. Security strategy - assess, design and implement security strategy, governance frameworks over processes, controls, organization and infrastructure to management of cyber security
16. Security transformation programmes – design and management of security solution implementations and / or remediation programmes to address risks
17. Identity and access management (IDAM) - assessing current IDAM practices and designing solutions to improve IDAM processes, privileged access and recertification programmes.

Special skills required

1. Strong analytical and problem-solving skills
2. Strong drive to excel professionally, and to guide and motivate others
3. Advanced written and verbal communication skills

Personal attributes

1. Excellent interpersonal, communication and presentation skills
2. Positive attitude and a strong commitment to delivering quality work.
3. Leadership skills
4. Excellent written and verbal communication skills to interact with clients, stakeholders, and technical teams.
5. Flexibility to adapt to changing requirements and technologies in the fast-paced cloud environment.
6. Ability to mentor and guide junior team members.